Out of office

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Out of office

Robert McNicol
I will be away from the office beginning Friday Dec 22nd. I will be returning Tuesday Jan 2nd. I will not have access to email during this time. IF you have an immediate need, contact Cynthia at ext 229.

Robert McNicol
Systems Administrator
ServiceMaster Restore | Fraser Valley


_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xenproject.org/mailman/listinfo/xen-users
Reply | Threaded
Open this post in threaded view
|

Guest Type for Network Management

rayj

I would like to determine the type of domu to use for a network domain for my laptop that handles the physical interfaces.  I have just loaded Debian 9.3 and Xen 4.8.  The laptop is a Toshiba with VT working.  The main interface will be wireless but when doc'd, it will have a wired connection.  This is a personal workstation so it will not have high traffic.  I want the networking managed in a domu for security.  I would like to understand the trade-offs for PV, HVM and PVH. 

Is it appropriate to include a firewall here or should different guests use different firewalls?

What is an appropriate term to call a domu used for networking?

Ray

_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xenproject.org/mailman/listinfo/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: Guest Type for Network Management

Michel D'HOOGE
Hi,

I'll just answer that part:

> Is it appropriate to include a firewall here or should different guests use
> different firewalls?

Virtualizing some computers is not so different to having small,
concrete computers connected together into a LAN. So the answer is: it
depends ;-)

Having a firewall only in the network domain should spare some CPU
because the filtering is only done once. But this isn't maybe
fine-grained enough.
On the other hand, if your dom0 and domUs are doing very different
businesses, this could be easier to configure a firewall per dom.
And like in a real LAN, it also depends on how you trust every domU.

In your case (a laptop), filtering (and maybe NAT-ing for wireless) in
the network domain could be easier, because you'll have a single point
of configuration & management.

Michel

_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xenproject.org/mailman/listinfo/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: Guest Type for Network Management

rayj

Michael,

Thank you. 


On 12/29/2017 3:53 AM, Michel D'HOOGE wrote:
Hi,

I'll just answer that part:

Is it appropriate to include a firewall here or should different guests use
different firewalls?
Virtualizing some computers is not so different to having small,
concrete computers connected together into a LAN. So the answer is: it
depends ;-)

Having a firewall only in the network domain should spare some CPU
because the filtering is only done once. But this isn't maybe
fine-grained enough.
On the other hand, if your dom0 and domUs are doing very different
businesses, this could be easier to configure a firewall per dom.
And like in a real LAN, it also depends on how you trust every domU.

In your case (a laptop), filtering (and maybe NAT-ing for wireless) in
the network domain could be easier, because you'll have a single point
of configuration & management.

Michel
I appreciate your viewpoints.  I do not have a variety of different functionality so it seems like a single firewall should be sufficient.

Ray

-- 
Ray Joseph, PE
832 586-5854
[hidden email]

_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xenproject.org/mailman/listinfo/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: Guest Type for Network Management

Phil Susi
In reply to this post by rayj
When composing a new message to a mailing list, please do that instead
of hitting reply to some unrelated message and changing the subject
line.  The latter causes your message to show up as part of the other
unrelated thread.

On 12/28/2017 10:52 AM, rayj wrote:

>
> I would like to determine the type of domu to use for a network domain
> for my laptop that handles the physical interfaces.  I have just loaded
> Debian 9.3 and Xen 4.8.  The laptop is a Toshiba with VT working.  The
> main interface will be wireless but when doc'd, it will have a wired
> connection.  This is a personal workstation so it will not have high
> traffic.  I want the networking managed in a domu for security.  I would
> like to understand the trade-offs for PV, HVM and PVH.
>
> Is it appropriate to include a firewall here or should different guests
> use different firewalls?
>
> What is an appropriate term to call a domu used for networking?

_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xenproject.org/mailman/listinfo/xen-users