Re: Deployment usage and performance of a network domain

From: Kashyap Thimmaraju <kashyap.thimmaraju@sec.t-labs.tu-berlin.de>
To: Dario Faggioli <dario.faggioli@citrix.com>, xen-devel@lists.xen.org
Cc: George Dunlap <george.dunlap@citrix.com>
Subject: Re: Deployment usage and performance of a network domain
Date: Mon, 12 Jun 2017 10:18:54 +0200	[thread overview]
Message-ID: <593E4E6E.7020303@sec.t-labs.tu-berlin.de> (raw)
In-Reply-To: <1496941648.26212.4.camel@citrix.com>

[-- Attachment #1: Type: text/plain, Size: 2590 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Dario,

Thank you for your answer.

On 08.06.2017 19:07, Dario Faggioli wrote:
> I'm not aware of any cloud providers doing that (but, that's
> mostly because there's not much info about how cloud providers
> configure their infrastructure).
This is true, and I agree there is little to no information on how
cloud providers deploy their virtualized infrastructure. I thought it
would be worth asking on the forum though.
> 
> Driver domains and stubdomains are hugely used in contexts
> targeting really strong security, like Qubes and OpenXT:
> 
> https://www.qubes-os.org/ http://openxt.org/
> 
> Qubes targets laptops. I've tried it on mine, which is quite old,
> and the drop in perf, e.g., wrt a regular (as in, one that does not
> use virtualization at all) Linux desktop, although present, I don't
> think it comes too much from the driver domain(s).
> 
> I haven't run any benchmarks with it, but despite (as I said) the 
> laptop being quite old, the system is definitely usable.
Thanks. I looked for a performance evaluation of such an architecture
but did not find anything. It would be good to know if there are some
meaningful numbers. The openxt example of having dedicated virtual
network domains for clients is indeed a good one but I could not find
any performance evaluation on that. Would you or anybody here happen
to know where I can find such information? The 2016 summit does not
have anything on it either.
> 
> I know less of OpenXT. The picture int the front page mentions
> multi- tenancy (although, it also mention 'clients').
Thanks for sharing those two links. They are indeed similar to what I
am looking for. The openxt webpage has several links on related tech.
as well which I found useful. That's actually where I found the link
to George Dunlap's presentation.

Thanks,
- -- 
Kashyap Thimmaraju <kashyap.thimmaraju@sec.t-labs.tu-berlin.de>
Security in Telecommunications <sec.t-labs.tu-berlin.de>
TU Berlin / Telekom Innovation Laboratories
Ernst-Reuter-Platz 7, Sekr TEL 16 / D - 10587 Berlin, Germany
Phone: +49 30 8353 58351
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZPk5uAAoJEKEOZw+VIHXNBngH/039UfIoVH1FKTSr6qKMjuIS
zLThT9RoTVzmTw2nQfVmAYwNw65Z1UOVP2mZcRbR1dFKKfzT9pzrmKZb8RNmd4jc
6yiuMnURv/R0M0kyVHlhEv5bdlbJTfXIK+K7vq8RY0xR/vnI6m5Cyc0ZzBb5XNis
/3YQL/HTSb502+g51zU91SogqFY+F9lcGA5yvkEY5ZU4P5SL7ZiAxrReOq0aeR1h
XQyhsVRE9GWKjluR3P5LsqNrydQfE8oOV9910VeB1VUYwNXfH5HUmA/uwdNBeL4v
JqMF6+kXSoBHI+uszo0hsPA4ewSxiXbtuRceQb7UaIX8zy3AOrc7ajLR7S7cuEU=
=9cRD
-----END PGP SIGNATURE-----

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: kashyap_thimmaraju.vcf --]
[-- Type: text/x-vcard; name="kashyap_thimmaraju.vcf", Size: 4 bytes --]

null

[-- Attachment #3: Type: text/plain, Size: 127 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel