live4fun
August 25th, 2009, 04:22 AM
I am thinking about improving the stability/security of my system by putting a few services into KVM guests.
My intent would be to have a minimal KVM host with command line only (no Xserver, no GUI) and have several KVM guests run on it: a file server, a VDR and a GUI system I would use for everyday mail, surfing and programming.
Is it possible to install a minimal command line base system and from within this minimal system to start a guest that starts an Xserver and natively displays on my monitor?
I don't want to install X in the host and connect via VNC or X-Forward. I want only the GUI guest to have an Xserver and natively take the graphics card if possible.
I think that would be best, as it should provide maximum security to my host system, which only runs the absolutely necessary services (just an SSH server). Only SSH and an always up-to-date kernel should make it a very secure base my guests can rely on.
Afaik it is most important to have a stable host as it is a single point of failure if somebody can hack it. If a VM is hacked it is separated from the others and the host. If the host is hacked all VMs are open to the intruder. That's what I understood.
I haven't used KVM or Xen so far, only Parallels, VMware etc., all started from within a GUI.
What do you think? Is it possible to realize something like what I tried to explain above?
What would be your approach to having only one machine running your workstation for daily use as well as a server you want to be accessible from the internet?
I am eager to learn from your experience.