Hi everybody ! I would like to know what are the good practice in Dom0 utilisation ... - Does it prefer that i use Dom 0 only for Xen Hypervisor ? - If yes, how much ram i need to reserv for Dom0 ? - Are there a link between amount of ram in Dom0 and number of virtual machine run on this computer ? thanks in advance Michael _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi everybody ! I would like to know what are the good practice in Dom0 utilisation ... - Does it prefer that i use Dom 0 only for Xen Hypervisor ? - If yes, how much ram i need to reserv for Dom0 ? - Are there a link between amount of ram in Dom0 and number of virtual machine run on this computer ? thanks in advance Michael _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
>________________________________________ >From: xen-users-bounces@lists.xensource.com [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of Michael Lessard >Sent: 2006年3月16日 20:58 >To: xen-users@lists.xensource.com >Subject: [Xen-users] Best practice for Dom0 > >Hi everybody !> I would like to know what are the good practice in Dom0 utilisation ...>- Does it prefer that i use Dom 0 only for Xen Hypervisor ?I am not sure if you would like use Dom0 for other purpose, such like a Native Linux. :)>- If yes, how much ram i need to reserv for Dom0 ?It depends. Usually I give 256M memory to my Dom0.>- Are there a link between amount of ram in Dom0 and number of virtual machine run on this computer ?Seemed no relationship. Actually dom0 is one of VM too. The total VM number is related to your whole physical memory and how large for each VM.>thanks in advance>MichaelBest Regards, Yongkang (Kangkang) 永康 _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
>- Does it prefer that i use Dom 0 only for Xen Hypervisor ?Dom0 doesn''t run the hypervisor, it runs *on* the hypervisor; the only difference from other domains is that it''s allowed to access your network, disk, graphics devices directly. But it''s good practice not to run unnecessary services in dom0 - put them in domUs instead. Dom0 has root-equivalent privileges on every domU on the machine.>- If yes, how much ram i need to reserv for Dom0 ?I think 128Meg is solid for a lot of people, but it varies depending on if you''re doing RAM-intensive things in dom0.>- Are there a link between amount of ram in Dom0 and number of virtual >machine run on this computer ?The more RAM you give to dom0, the less RAM is available for other domains. RAM for domUs comes from the host system, not from dom0. Cheers, Mark _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Thursday 16 March 2006 3:27 pm, M.A. Williamson wrote:> RAM for domUs comes from the host system, not from dom0.but doesn''t xm need some amount of RAM to back each domU virtual device? if so, with lots of domU''s the memory requirements of dom0 might rise... how much? -- Javier _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Okay, I will try less general answers to your very general questions: Michael Lessard schrieb:>Hi everybody ! > > I would like to know what are the good practice in Dom0 utilisation ... > >- Does it prefer that i use Dom 0 only for Xen Hypervisor ? > >It can e. g. depend on the load you want to place on the domUs and the file system. I am running domUs off LVM devices (with LVM in dom0) and found it to make that more reliable if dom0 does not make much itself AND is dedicated a cpu (on smp servers). That is a load dependent issue. If your domUs are bored altogether or make their cpu share run wild at different times, you might not find any problems with LVM. It especially is a problem when you use the snapshot feature of LVM (which is so handy that I still use it despite those problems). In general you could say: If your domUs do things that put work on dom0 (like using LVM partitions in my case) you might be better off not to use dom0 for anything else.>- If yes, how much ram i need to reserv for Dom0 ? > >I have run dom0 without LVM snapshots with 64 MB of RAM (on Debian Sarge stable with a very basic install). With LVM snapshots they need 256 MB at least. Dirk _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
What about monitoring on domain0 like an snmp client monitoring all the guest domains? Wouldn''t that be an exellent task for domain0? It seems such a waste not to use more resources on domain0 ;-) Thanks, Rene Kogels On Thu, 2006-03-16 at 20:27 +0000, M.A. Williamson wrote:> >- Does it prefer that i use Dom 0 only for Xen Hypervisor ? > > Dom0 doesn''t run the hypervisor, it runs *on* the hypervisor; the only > difference from other domains is that it''s allowed to access your network, > disk, graphics devices directly. > > But it''s good practice not to run unnecessary services in dom0 - put them > in domUs instead. Dom0 has root-equivalent privileges on every domU on the > machine. > > >- If yes, how much ram i need to reserv for Dom0 ? > > I think 128Meg is solid for a lot of people, but it varies depending on if > you''re doing RAM-intensive things in dom0. > > >- Are there a link between amount of ram in Dom0 and number of virtual > >machine run on this computer ? > > The more RAM you give to dom0, the less RAM is available for other domains. > RAM for domUs comes from the host system, not from dom0. > > Cheers, > Mark > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
i''m an infant as far as linux and xen is concerned, but i would be hesitant to run snmp on the dom0. If smnp was used to exploit this machine the attacker would have access to all my vm''s, could mount and modify vm''s disks or shutdown or create new ones. additionally I keep stuff like make and gcc on my domu which could be an attackers dream. I have seen webbased gui monitoring for xen, but i have not tried any of it. On 3/18/06, Rene <forumuser@kogels.net> wrote:> > What about monitoring on domain0 like an snmp client monitoring all the > guest domains? Wouldn''t that be an exellent task for domain0? > > It seems such a waste not to use more resources on domain0 ;-) > > Thanks, > Rene Kogels > > On Thu, 2006-03-16 at 20:27 +0000, M.A. Williamson wrote: > > >- Does it prefer that i use Dom 0 only for Xen Hypervisor ? > > > > Dom0 doesn''t run the hypervisor, it runs *on* the hypervisor; the only > > difference from other domains is that it''s allowed to access your > network, > > disk, graphics devices directly. > > > > But it''s good practice not to run unnecessary services in dom0 - put > them > > in domUs instead. Dom0 has root-equivalent privileges on every domU on > the > > machine. > > > > >- If yes, how much ram i need to reserv for Dom0 ? > > > > I think 128Meg is solid for a lot of people, but it varies depending on > if > > you''re doing RAM-intensive things in dom0. > > > > >- Are there a link between amount of ram in Dom0 and number of virtual > > >machine run on this computer ? > > > > The more RAM you give to dom0, the less RAM is available for other > domains. > > RAM for domUs comes from the host system, not from dom0. > > > > Cheers, > > Mark > > > > _______________________________________________ > > Xen-users mailing list > > Xen-users@lists.xensource.com > > http://lists.xensource.com/xen-users > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >-- Thank you, Frank Di Rocco "Does an optimistic person look at a hard drive as half-full or half-empty?" -ofanged1-at-gmail.com _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
I agree with you that domain0 should be protected as much as possible, so running an SNMP client might not be a very good idea. I wonder how the new gui mgt tool will do this though: http://www.enomalism.com/home.html Rene On Sat, 2006-03-18 at 20:10 -0500, Frank DiRocco wrote:> i''m an infant as far as linux and xen is concerned, but i would be > hesitant to run snmp on the dom0. If smnp was used to exploit this > machine the attacker would have access to all my vm''s, could mount and > modify vm''s disks or shutdown or create new ones. additionally I keep > stuff like make and gcc on my domu which could be an attackers dream. > I have seen webbased gui monitoring for xen, but i have not tried any > of it. > > On 3/18/06, Rene <forumuser@kogels.net> wrote: > What about monitoring on domain0 like an snmp client > monitoring all the > guest domains? Wouldn''t that be an exellent task for domain0? > > It seems such a waste not to use more resources on domain0 ;-) > > Thanks, > Rene Kogels > > On Thu, 2006-03-16 at 20:27 +0000, M.A. Williamson wrote: > > >- Does it prefer that i use Dom 0 only for Xen Hypervisor ? > > > > Dom0 doesn''t run the hypervisor, it runs *on* the > hypervisor; the only > > difference from other domains is that it''s allowed to access > your network, > > disk, graphics devices directly. > > > > But it''s good practice not to run unnecessary services in > dom0 - put them > > in domUs instead. Dom0 has root-equivalent privileges on > every domU on the > > machine. > > > > >- If yes, how much ram i need to reserv for Dom0 ? > > > > I think 128Meg is solid for a lot of people, but it varies > depending on if > > you''re doing RAM-intensive things in dom0. > > > > >- Are there a link between amount of ram in Dom0 and number > of virtual > > >machine run on this computer ? > > > > The more RAM you give to dom0, the less RAM is available for > other domains. > > RAM for domUs comes from the host system, not from dom0. > > > > Cheers, > > Mark > > > > _______________________________________________ > > Xen-users mailing list > > Xen-users@lists.xensource.com > > http://lists.xensource.com/xen-users > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users > > > > -- > Thank you, > Frank Di Rocco > > "Does an optimistic person look at a hard drive as half-full or > half-empty?" - ofanged1-at-gmail.com > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Sat, Mar 18, 2006 at 07:41:02PM +0000, Rene wrote:> What about monitoring on domain0 like an snmp client monitoring all the > guest domains? Wouldn''t that be an exellent task for domain0? > > It seems such a waste not to use more resources on domain0 ;-)You''re not wasting any resources by moving services from dom0 to a domU. Geert _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Mon, Mar 20, 2006 at 11:09:20AM +0100, Geert Hendrickx wrote:> On Sat, Mar 18, 2006 at 07:41:02PM +0000, Rene wrote: > > What about monitoring on domain0 like an snmp client monitoring all the > > guest domains? Wouldn''t that be an exellent task for domain0? > > > > It seems such a waste not to use more resources on domain0 ;-) > > You''re not wasting any resources by moving services from dom0 to a domU.Well dom0 has to shuttle network packets between the domU''s, so there is a certain cost to, for example, moving the NFS server from dom0 to a domU. Rich. -- Richard Jones, CTO Merjis Ltd. Merjis - web marketing and technology - http://merjis.com Team Notepad - intranets and extranets for business - http://team-notepad.com _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Concerning CPU I agree, but what about dedicated memory and harddisk space for dom0? On Mon, 2006-03-20 at 11:09 +0100, Geert Hendrickx wrote:> On Sat, Mar 18, 2006 at 07:41:02PM +0000, Rene wrote: > > What about monitoring on domain0 like an snmp client monitoring all the > > guest domains? Wouldn''t that be an exellent task for domain0? > > > > It seems such a waste not to use more resources on domain0 ;-) > > You''re not wasting any resources by moving services from dom0 to a domU. > > Geert > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users