[clug] VM preferences

[Geoff Swan]

>David Tulloh wrote:
>I use KVM a little bit these days, I find it works out of the box for me
and runs great, no demanding setup.  My use cases don't require particularly
high >performance or odd configurations though.

>From what I understand KVM uses QEMU's frontend, in which case I recommend
it.  You also have a nice transition into KVM once you have hardware >that
supports it.

I have started trying to set up a qemu vm for exactly that reason - I am
hoping I can use virsh to connect to it, but its not critical.

>Michael Cohen wrote:
>Geoff,
>I have set up CAs at work using removable USB sticks (or a hard
>disk) with live ubuntu install. This has the advantage that when not
>needed the CA is locked away in a safe - I have lots of easy click
>icons on the desktop for the mostly windows users to feel happy with.
>The other obvious advantage is you dont need any visualization
>software as you can use any machine for a short time.

>I would recommend against virtualizing a CA because the host machine
>still has access to the guest and the security of the host is
>obviously a weak point in securing the CA.

Good point, the thought had crossed my mind that if the host was compromised
then essentially the vm is also compromised. I noticed though that qemu
supports encrypted disk images. I haven't looked closely at the detail - but
perhaps that would offset the risk?? I do like the idea of using the usb
live option if I can find that old drive I had lying around...

Geoff