[cfgeeks] And Xen what happened?

[Kevin Korb]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I thought about doing something like that but didn't really like the
idea.

Then I read this:
http://kerneltrap.org/OpenBSD/Virtualization_Security

I do plan to make my firewall/router system diskless at some point
though.  An old CPU with no disks doesn't take up much power.

- -- 
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
 	Kevin Korb			Phone:    (407) 252-6853
 	Systems Administrator		Internet:
 	FutureQuest, Inc.		Kevin at FutureQuest.net  (work)
 	Orlando, Florida		kmk at sanitarium.net (personal)
 	Web page:			http://www.sanitarium.net/
 	PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~

On Mon, 17 Dec 2007, Shawn McMahon wrote:

> Date: Mon, 17 Dec 2007 15:53:35 -0500
> From: Shawn McMahon <syberghost at gmail.com>
> To: Central Florida Geeks <cfgeeks at mail.cfgeeks.org>
> Subject: [cfgeeks] And Xen what happened?
> 
> So what do you guys think of this idea:
>
> Beef up my Linux server as far as it will go on RAM.  Install Xen.  Add
> OpenBSD as guest OS, giving it control of two of the NICs.  The host
> Linux OS takes a third NIC.
>
> The OpenBSD box redirects inbound SSH traffic from the WAN to the Linux
> box, and does the same on the LAN; the only way to get in is to log in
> on a virtual interface on the Linux server.  This way I get the security
> of Korb's setup, but save on power and cooling.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7-ecc0.1.6 (GNU/Linux)

iD8DBQFHZviGVKC1jlbQAQcRAnqlAJ4pwlRBBMQAGdVLltxf9/gr9ymXwACeK13z
MXApsGgMTWMI2aLrDOU5ke8=
=//Wb
-----END PGP SIGNATURE-----