We run multiple vm's using vmware on 2650 Dell servers. On one system we run around 8 or so windows and linux servers. (Windows is a management/ business decision unfortulately). Yes whilst there is a performance drop. Lets face it linux on systems such as these is way too powerful for the things we do. Ie postfix handling 25000 emails using spamassassin-amavis etc and bind handling thousands of requiests for 30 domains. All on a virtual system with 256MB ram and 1/8th of the sytem resources. We have not knoticed a degridation in the delivery of email. However data is housed on one server dedicated to the task. So horses for courses I would think about what needs to be consolodated and how best to balance the load prior to finding a solution. On another front, perhaps you could look into VMWare as an (expensive) alternative. But for my own. Solaris x86 has always been slower than SPARC versions, not just relating to the cpu performance, and perhps could be considered the poor cousin over at SUN. Thanks Brett Stevens -----Original Message----- From: Mike Tierney [mailto:miket@marketview.co.nz] Sent: Thursday, January 20, 2005 10:11 AM To: 'Brett Stevens' Subject: RE: [suse-security] Extra Chroot protection in SUSE kernels? Thanks Brett I haven't looked too much into UML as I read there's an overhead involved in running a separate copy of the Kernel. Probably not an issue though. Maybe UML is the way to go if I decide to stay with SuSE! Cheers Mike
-----Original Message----- From: Brett Stevens [mailto:brett.stevens@hubbub.com.au] Sent: Thursday, 20 January 2005 11:53 a.m. To: 'Mike Tierney' Subject: RE: [suse-security] Extra Chroot protection in SUSE kernels?
Might be a bit left field but think about user mode linux sles 9 does this quite well. Once you have your uml systems built chroot and secure what you need.
Brett Stevens
-----Original Message----- From: Mike Tierney [mailto:miket@marketview.co.nz] Sent: Thursday, January 20, 2005 8:57 AM To: 'Marcus Meissner' Cc: suse-security@suse.com Subject: RE: [suse-security] Extra Chroot protection in SUSE kernels?
From: Marcus Meissner [mailto:meissner@suse.de] Sent: Wednesday, 19 January 2005 10:43 p.m.
There is no extra chroot protection.
Is there any chance that the tightening up of chroot's might be looked at by the SuSE Security team?
I am just wondering because Solaris 10 x86 (due out this month) has an inbuilt mechanism for walling off applications from the rest of the system (I think it's called "Solaris Containers").
I really like SLES 8, it has run brilliantly for the last 10 months with zero problems, but I'll be making a decision sometime this year to move to either SLES 9 or to Solaris 10 x86. I'll be basing that partly on which one offers more secure encapsulation of multiple applications running on the same server.
I guess another question would be "Is SuSE planning to implement any kind of server virtualization?".
Cheers Mike
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here