
Re: [Xen-users] Firewall in domU, networking in XEN


  • To: 'Sławek Kosowski' <slawek.k_xl@xxxxx>, <xen-users@xxxxxxxxxxxxx>
  • From: "Walter Robert Ditzler" <ditwal001@xxxxxxxxx>
  • Date: Mon, 30 Apr 2012 16:19:26 +0200
  • Delivery-date: Mon, 30 Apr 2012 14:20:20 +0000
  • Importance: High
  • List-id: Xen user discussion <xen-users.lists.xen.org>
  • Thread-index: AQFzCHPfm598zePaAt5EHcdr9PXCaAIA9vsvAci5vi6XSViqcA==

sorry here,

my comment should not be taken the wrong way, and the concept of having one powerful
server to handle most of the services is absolutely good too, we almost do
that here too.

first:
the problem i have, for example, is the firewall stuff. i mean, in our point of
view, a firewall should be separated by 2 nics, and i assume a bridged nic on a
xen will cause some difficulties with iptables! i don't even know how you
would guarantee security when all ip packages traverse the same nic!

second:
one powerful server == one single point of failure! what about lvm
snapshots, where to put them, what to do if the server crashes, server down
time?

that's what i wanted to say, for me the concept is missing. all your services
can be made easily with xen, windows domU, linux domU.

i would only suggest considering using at least 2 xen servers, replicated
with drbd, but not remus! and in the very best case a third low-cost server
with disk space to copy gzipped lvm snapshots to over ssh daily or weekly.

that's it.


thanks walter 

-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxx
[mailto:xen-users-bounces@xxxxxxxxxxxxx] On Behalf Of Slawek Kosowski
Sent: Monday, 30 April 2012 12:58
To: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] Firewall in domU, networking in XEN

The concept is to buy one powerful dedicated machine and virtualize all the
rest.
@Walter can you clarify what's messy about this design ?

@Simon, thanks for the advice
The reason why I have only one physical NIC is that, the server will be a
dedicated server collocated in the datacenter. Therefore, I don't see any
need to have additional NICs. 

Question regarding the LVM.
I will dispose hardware RAID 1. I will create a volume group on the whole
disk. Then I will make 2 logical volumes, one for dom0 root and one for dom0
swap. I don't see any clear advantage of making more LVs with separate
mounting points unless I have big and bulky files to archive by making
snapshots. Simply by having only 2 LVs I decrease granularity, but
facilitate management. At the limit I can add new LVs and mount them to
specific locations (e.g. /usr or /var) copying the files from root LV.

I plan to make new domU on additional LV in the same VG as dom0. Does it
make sense ?

Thanks !
Slawek Kosowski

On 30-04-2012 at 11:28 Walter Robert Ditzler wrote:
> hi slawek,
> 
> 1 comment only so far, until u begin u should know what u want. all 
> wished features can be set up by xen, no prpos but dhcp firewall ...
> with 1 nic ...
> 
> that sounds really messy
> 
> not xen is here the nut, the overall concept!
> 
> u want all services and all security with minimal hardware (nic).
> 
> in switzerland we say: u can have the bread and the 5p at the same time 
> :)
> 
> thanks walter
> 





_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

