Rupert Schlick
2005-May-30 08:18 UTC
[Xen-users] Xen on Via C3 (Eden/Samuel 2) - Success Story
This is a long-outstanding report on Adam Sulmicki's 4kB patches on a Via C3 CPU.

Some CPUs from the VIA C3 series only have support for 4kB pages. Adam Sulmicki provided a patch for Xen to support this group of CPUs (http://lists.xensource.com/archives/html/xen-devel/2004-12/msg00083.html).

This patch has been running happily on my Lex Light with the Xen 2.0 release since January 2005 with no troubles (at least no troubles related to Xen or the patch).

The networking setup is far from efficient, but gives full abstraction of the firewall policy from the "real"/physical network setup and a nice Xen showcase.

The machine serves as my local routing firewall, vpn-endpoint, dns-server and apt-proxy (and more to come). All of these functions are separated in different unprivileged domains, providing:

- the possibility to separate them easily into different machines later
- a stronger separation of the services than possible on one machine without virtualisation (at the cost of more resources and some more complexity), giving more security and reducing the risk of one service monopolizing the CPU.

The firewall domain is now controlling 16 virtual interfaces, having each domain and physical server in its own DMZ:

- 1 internet connection (SDSL)
- 4 local other domains (including dom0)
- 6 xen domains on a second machine (including dom0)
- 2 domains running on demand (local or remote)
- 3 more physical machines

The interface of dom0 can be shut down when no maintenance work has to be done.

- all five NICs of the machine (3 onboard, 2 USB) are connected to the firewall-domain via bridging (a separate bridge and vif for each NIC).
- all local domains are bridged to separate firewall-vifs
- the domains from the second Xen-Server are bridged via VLANs and also routed by the firewall domain with no direct connection to their dom0 or between them.
One of the next steps is to add a file integrity assessment (host-based IDS) running from dom0 or on the daily backup data and therefore fully invisible from guest domains.

Thanks to the Xen team for great software and to Adam Sulmicki for his patch allowing me to do all of the above with a fanless booksize PC.

Rupert