Re: Xen support on Squeeze
On Sun, Jan 03, 2010 at 12:47:54PM +0800, Paul Wise wrote:
> On Sun, Jan 3, 2010 at 9:01 AM, Brian May <firstname.lastname@example.org> wrote:
> > 1) I believe Xen, with paravirtualization (that is without QEMU) is more secure
> > than KVM (or Xen) with QEMU.
> I haven't heard this claim before, do you have any references to support this?
Xen guests (domUs) communicate only with the Xen hypervisor, and the guests
are totally separated from each other and dom0. The Xen hypervisor then passes
IO requests to/from dom0 for disk/net.
Also, if running HVM guests, the qemu-dm emulator binary can be run in a 'stubdom',
so qemu can be put into its own/private guest to get it out of dom0.
This makes HVM guests communicate with dom0 in the same way as a PV guest would.
Some people prefer these models, instead of the KVM model where guests
are directly running on the host kernel.