[Xen-devel] Back end domains : input desired
What I'd LOVE to achieve with XEN (for security reasons) is the following:

DOM0: minimal linux install with LVM2 primarily for backending the ide disks.
BE_NIC_0: Back end NIC_0 domain (bridge) with minimal linux install - no ip address assigned - using ebtables to filter/protect
BE_NIC_1: Same as BE_NIC_0 only for NIC_1
BE_VNIC_2: Back end for a "virtual nic"/bridge for DomU to DomU communication (DMZ).
BE_MGMT: firewall config/mgmt console (xwindows) (preferred x displaying (direct) through AGP on console - is this possible) and ntp/clock sync (can this happen here or does it have to happen on DOM0?).
Various front end DomU's: for router/fw and various application layer gateways.

My idea here is to be able to isolate the components into minimal operating environments, allowing a specific need/application to be rebooted without having to reboot the entire box should that particular component be DoS'ed.

Your thoughts on this setup would be appreciated (also you can see that having a socket interface rather than an ip interface for XEND would be of GREAT advantage).

Now, I've tried setting this up but I'm running into some confusion here.

1) I only seem to be able to compile the actual NIC drivers with DOM0 (e100/e1000/3c95x, etc). Is this where I should be compiling them even though the NIC's will be used in another DOM? If not, how do I go about compiling the drivers for the BE DOM's? (They don't show up as options - yes, I do have XEN_PHYSDEV_ACCESS and XEN_NETDEV_BACKEND enabled.)

2) Even with pci_dom0_hide=(01,01,0)(02,00,0) as part of my grub.conf (for the startup of xen.gz), I still see these devices under DOM0. Is this normal? lspci shows the devices as 0000:01:01.0 and 0000:02:00.0 respectively. Are my parameters to pci_dom0_hide correct?

3) Should I be using stable, testing or unstable for this? NOTE: stable and testing are both unable to attach the xen console to ttyS, whereas unstable works correctly for this.
4) It would be preferred to run X in a domain separate from Dom0, but still be accessible for use on the local console without having to install X and a VNC client in DOM0. Is this possible, or am I just dreaming here?

Regards,
B.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
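As an added example (not from this thread, and not Xen project code), the following POSIX shell script builds the (bb,dd,f) tuple string in the form the poster uses for pci_dom0_hide from lspci-style IDs, and then checks a Dom0 lspci listing for devices that were meant to be hidden but are still visible, which is the check behind question 2. The functions pci_tuple, hide_param and still_visible and the sample lspci lines are all constructed here; the script assumes the tuple form shown in the mail and does not assert that it is the syntax Xen actually expects.

```shell
#!/bin/sh
# Added example, not from the original thread. Converts lspci-style PCI IDs
# into the (bb,dd,f) tuples used in the poster's pci_dom0_hide line and
# reports devices that Dom0 can still see after boot.

# Convert "0000:01:01.0" or "01:01.0" (domain:bus:device.function) to "(01,01,0)".
# The tuple form is taken from the mail; whether Xen parses it this way is
# not verified here (assumption).
pci_tuple() {
    id="$1"
    # drop the leading PCI domain ("0000:") when lspci -D style IDs are given
    case "$id" in
        *:*:*) id="${id#*:}" ;;
    esac
    bus="${id%%:*}"
    rest="${id#*:}"
    dev="${rest%%.*}"
    fn="${rest#*.}"
    printf '(%s,%s,%s)' "$bus" "$dev" "$fn"
}

# Build the whole boot parameter from a list of IDs, e.g.
# hide_param 0000:01:01.0 0000:02:00.0 -> pci_dom0_hide=(01,01,0)(02,00,0)
hide_param() {
    out=""
    for id in "$@"; do
        out="$out$(pci_tuple "$id")"
    done
    printf 'pci_dom0_hide=%s' "$out"
}

# still_visible LISTING ID... : LISTING is the text of `lspci` run in Dom0
# (with or without the domain prefix). Prints every ID that still appears
# in the listing and returns 1 if any did, 0 if all were hidden.
still_visible() {
    listing="$1"; shift
    found=0
    for id in "$@"; do
        short="${id#*:}"
        # anchor on "bb:dd.f " with the dot escaped for grep's regex
        pat="^$(printf '%s' "$short" | sed 's/\./\\./g') "
        if printf '%s\n' "$listing" | sed 's/^[0-9a-f]\{4\}://' | grep -q "$pat"; then
            printf '%s\n' "$id"
            found=1
        fi
    done
    return $found
}

# Constructed sample lspci output resembling the Dom0 described in the mail
# (bus 01 and 02 carry the NICs the poster wanted hidden).
SAMPLE_LSPCI='00:00.0 Host bridge: Intel Corporation 82845 845 (Brookdale) Chipset Host Bridge
01:01.0 Ethernet controller: Intel Corporation 82557/8/9 Ethernet Pro 100
02:00.0 Ethernet controller: 3Com Corporation 3c905C-TX/TX-M'

# Stand-alone usage: print the parameter line, then list NICs Dom0 still sees.
hide_param 0000:01:01.0 0000:02:00.0; echo
if still_visible "$SAMPLE_LSPCI" 0000:01:01.0 0000:02:00.0; then
    echo "all listed devices hidden from Dom0"
else
    echo "the devices above are still visible in Dom0"
fi
```

On a real box, replace SAMPLE_LSPCI with "$(lspci)" run inside Dom0; a device still listed there after boot means the hide parameter did not take effect for it, regardless of what the grub line says.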