[Xen-users] Recipe for 'Thin Domain 0' request

["William \(Andy\) Smith" <romaq@xxxxxxxxxxxxxxxxxxxxx>]

I have two identical 'Enterprise Level' machines on a bastion network.

(The Internet)
       |        Host 1
  (firewall)--<
       |        Host 2
(internal net)

The Internal net is NAT'd, I have a full support development environment and
a 2.4TB raid. Host 1 and Host 2 are currently serving public IP.

What I would like to do is replace Host 1 and Host 2 with Xen Domain0's
running on an RFC 1918 network, and have those domains be as thin as
possible. I'm hoping to learn how to PXE boot the two hosts. I need as thin
as possible a Xen Domain 0 image to pass to the host coming up. The Domain 0
image (A PXE readonly image) then needs to start guest domains from readonly
images. Each domain then picks up on the portion it can write back to.

At this time, Host 1 and Host 2 have their own 600GB raided hard drives.
Once the guest domains have their readonly image, they can then mount their
write-back portion for spools, guest home directories and so on. The
write-back will be LVMs on the hosts 600G raids for the moment, with
consideration of having portions of the 2.4 TB leased to bastions and
removing the drives later.

One particularly nasty thought is to have Host 1 and Host 2 each serve
'firewall' guest domains. We have one routing IP outside of our 'public' IP
network, and our provider will allow us a second routing IP. I would need to
prove the theory that I can isolate the NIC device and its traffic from
Domain 0 and all other domains in a firewall application.

I would like assistance with a recipe that presumes a development
environment on a separate host, builds a 'minimal domain 0' host 1 and lets
me steer towards the project I describe above.

--Romaq




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users