[clug] VM preferences
Geoff Swan
shinobi.jack at gmail.com
Sun Jun 7 02:57:44 GMT 2009
>David Tulloh wrote:
>I use KVM a little bit these days, I find it works out of the box for me
and runs great, no demanding setup. My use cases don't require particularly
high >performance or odd configurations though.
>From what I understand KVM uses QEMU's frontend, in which case I recommend
it. You also have a nice transition into KVM once you have hardware >that
supports it.
I have started trying to set up a qemu vm for exactly that reason - I am
hoping I can use virsh to connect to it, but its not critical.
>Michael Cohen wrote:
>Geoff,
>I have set up CAs at work using removable USB sticks (or a hard
>disk) with live ubuntu install. This has the advantage that when not
>needed the CA is locked away in a safe - I have lots of easy click
>icons on the desktop for the mostly windows users to feel happy with.
>The other obvious advantage is you dont need any visualization
>software as you can use any machine for a short time.
>I would recommend against virtualizing a CA because the host machine
>still has access to the guest and the security of the host is
>obviously a weak point in securing the CA.
Good point, the thought had crossed my mind that if the host was compromised
then essentially the vm is also compromised. I noticed though that qemu
supports encrypted disk images. I haven't looked closely at the detail - but
perhaps that would offset the risk?? I do like the idea of using the usb
live option if I can find that old drive I had lying around...
Geoff
More information about the linux
mailing list