From: Pete Herzog (lists@isecom.org)
Date: Fri Aug 17 2007 - 05:34:13 EDT
I have found Xen to be quite capable and we are testing it currently in our
HackerHighschool (HHS) network (www.hackerhighschool.org) to see what kind
of error rates it produces. So far, running 5 servers simultaneously, the
packet errors have only come from incompatibilities between it and the
virtual OS running on it so it's looking great! However I have not tested
it as hosting the system to attack from.
Other choices besides Xen or making an install each time are Live Boot
Disks and BartPE for Windows, ghosting drives, or swappable drives. You
may want to to try L4 as well but I think it may limit the OSes and the
capabilities you can install. The last VMWare we tested was 2 years ago I
think, for HHS, and the error rate was very high. We had it running on a
robust Linux server with 6 ethernet cards so each vhost had its own card
and 1 for accessing the Linux host. The set up itself took a LONG time as I
spent days in VMWare support forums troubleshooting the set-up. I wanted
to make sure the packet loss was not our fault.
Just because something is sold as a solution for something doesn't mean it
works well for the job. Security auditors using virtual hosts to test from
are really screwed up. It means either they never noticed the packet loss
or they never cared-- both tells you bad things about the auditor.
-pete.
www.isecom.org
Peter Manis wrote:
> It just so happens I just converted about 90% of everything I own to
> rackmount and put it in a 42U cabinet, every geeks dream right?
>
> What are good choices for getting the OS as close to metal as
> possible? VMWare Workstation in Windows XP probably wouldn't be a
> good choice, haha, but is VMWare server a good option? Last time I
> looked at Xen it seemed that there were limitations as to what
> versions of Linux you could run, I sure there is a work around though.
> Does the new virtualization technology in processors make a
> difference as to how close different virtualization solutions can get
> to a bare metal equivilent?
>
> Thanks for the great information.
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:02 EDT