| 1 |
>> Basically what I want to do is create a series of VERY tiny VMs that |
| 2 |
>> are all independent of each other, which provide one service. For |
| 3 |
>> instance, I might put apache on one VM, and tomcat on another, and so |
| 4 |
>> on. Obviously, I would want their memory usage to be absolutely |
| 5 |
>> minimized, seeing that I would like to run them all on one computer. |
| 6 |
>> I would probably provide them 64M-128M of RAM each, for their specific |
| 7 |
>> service. Perhaps a little more if really required. |
| 8 |
|
| 9 |
Lots of interest in VMs lately - Is this to increase security (isolating |
| 10 |
servers and components in case one is compromised)? Or perhaps you are |
| 11 |
isolating components for the purpose of evaluating them? |
| 12 |
|
| 13 |
<snip> |
| 14 |
|
| 15 |
> Nick[1] made a post about minimizing Gentoo a while back. |
| 16 |
> But that topic was mainly about the disk usage. |
| 17 |
> I suppose you would benefit from a system that uses the -Os flag to |
| 18 |
|
| 19 |
<snip> |
| 20 |
|
| 21 |
> But do you think vmware is fit for such a task? |
| 22 |
> vmware is a big strain on resources itself. |
| 23 |
> You might want to have a look at xen[2] instead. |
| 24 |
> |
| 25 |
> [1] http://thread.gmane.org/gmane.linux.gentoo.user/160899/focus=160903 |
| 26 |
> [2] http://www.xensource.com/xen/xen/index.html |
| 27 |
|
| 28 |
Presuming that one is seeking greater security, how does xen compare with |
| 29 |
vmware in that regard? |
| 30 |
|
| 31 |
Would a server in a VM actually be more secure than a server in a |
| 32 |
"hardened" chroot jail? |
| 33 |
|
| 34 |
(though I'd guess that a hardened system would be the best basis for a |
| 35 |
server, VM or chroot; and the logical placement of a VM would be within a |
| 36 |
chroot jail?). |
| 37 |
|
| 38 |
TIA |
| 39 |
|
| 40 |
|
| 41 |
-- |
| 42 |
gentoo-security@g.o mailing list |
Archives