
Re: [Xen-devel] nested virtualization test report for Xen 4.3-RC1



On Thu, Jun 27, 2013 at 12:37:56PM +0100, George Dunlap wrote:
> On Fri, May 10, 2013 at 12:07 PM, Ren, Yongjie <yongjie.ren@xxxxxxxxx> wrote:
> > Hi All,
> > This is a nested virtualization test report for Xen 4.3-RC1 on Intel
> > hardware. We use Linux 3.9.1 as Dom0.
> > a. Virtual EPT and VMCS shadowing features can work fine.
> > b. Xen, KVM and VMware can basically work on top of L0 Xen.
> > c. 32bit/64bit Linux and Windows are covered as L2 guests.
> 
> Sorry I just saw this -- thanks for the nice enumeration.
> 
> Two questions.  First, I don't see the Win7 "XP compatibility mode" on
> this list -- that would be L0 Xen, L1 Win7, L2 XP.  This seems like
> probably the most likely actual real-world use of nested virt.  Is
> that on your radar at all?
> 
> Secondly, what do you think is the primary use case for Xen-on-Xen (or
> KVM-on-Xen, &c)?  Who would want to use it and why?
 
One use case is u-Xen (used by Bromium) on XenClient XT.

Who could use it: XC-XT users who isolate VM workloads of different security 
levels, who want to isolate specific tasks (e.g. web browsing) within a single 
VM.

Why would they use it? For defense in depth, XC-XT could provide VM isolation 
(boot-time TXT measured launch and VT-d isolation of NICs) while u-Xen could 
provide run-time task separation within an isolated VM.

Rich

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

