zlacker

[parent] [thread] 8 comments
1. Dracop+(OP)[view] [source] 2022-07-09 19:29:00
I don't known of this works with all your criteria, but you might want to go with UnRaid or Proxmox or a Type 1 hypervisor like vSphere/ESXi or Xen.
replies(2): >>neodym+S1 >>tryauu+n2
2. neodym+S1[view] [source] 2022-07-09 19:41:56
>>Dracop+(OP)
Maybe Fedora with Xen is the route I should try, assuming I can give the Windows VM full GPU pass-through and use it as a "primary" machine. I need to be able to screenshare almost daily via Zoom.
replies(2): >>hsbaua+s8 >>Dracop+x8
3. tryauu+n2[view] [source] 2022-07-09 19:44:59
>>Dracop+(OP)
I don't get the distinction between type 1 and type 2.

E.g. xen is type 1 and KVM is type 2. But at the end of the day it's a Linux kernel in both cases that runs the virtual machines, so what's the point of distinction?

replies(2): >>simcop+74 >>transp+T7
◧◩
4. simcop+74[view] [source] [discussion] 2022-07-09 19:55:34
>>tryauu+n2
It's what runs above the vms that is the distinction. For xen it has its own kernel instead of running Linux as the hypervisor and host system. Xen still uses Linux typically as the domain zero as it calls it for doing control and setup but it doesn't necessarily have full access to all the hardware on its own.
replies(1): >>tryauu+2Z1
◧◩
5. transp+T7[view] [source] [discussion] 2022-07-09 20:22:27
>>tryauu+n2
It's about reducing the size and attack surface of the most-privileged code which runs in the system, e.g. moving code out of the kernel, making hypervisor/VMM smaller, nested VMs, hardware enclaves. This video covers some of the changes over the last decade, including Xen and Bromium, https://youtube.com/watch?v=bNVe2y34dnM
◧◩
6. hsbaua+s8[view] [source] [discussion] 2022-07-09 20:26:51
>>neodym+S1
I use vbox regularly on a Linux host, it’s not seamless but it works okay. I have custom built vm images with packer that do things like enable auto login and disable screensaver (these don’t matter on a vm, your host is where they should happen). I don’t need gpu so the vbox drivers suffice, but if I did I would probably consider getting a quadro or something and doing pci pass through (not even sure if vbox supports this)

As a cautionary though, vms are a good boundary but not a comprehensive one. If your threat model includes execution of 0day exploits (malware analysis or browser exploit chains) that can breach hypervisor perimeters you shouldn’t be doing anything sensitive from the host. RDP is better, but iirc there are some case studies of execution on the rdp client.

◧◩
7. Dracop+x8[view] [source] [discussion] 2022-07-09 20:27:12
>>neodym+S1
GPU Passthrough can be solved with LookingGlass (https://looking-glass.io/) if you just want a solve that particular problem. I'm not sure how well it works on a laptop but if you have a dedicated graphics card (e.g. Nvidia) you should theoretically be able to get it working the way you want. I'm sorry for the lack of elegant all-in-one packages. I too wish for an Excalibur of VM solutions.
◧◩◪
8. tryauu+2Z1[view] [source] [discussion] 2022-07-10 16:22:53
>>simcop+74
I can't find information online. Does xen really has it's own, written from scratch kernel or is it based on some other os?
replies(1): >>simcop+G32
◧◩◪◨
9. simcop+G32[view] [source] [discussion] 2022-07-10 16:50:42
>>tryauu+2Z1
Completely it's own from scratch. It's a very simple, relative to full Linux or other OS, kernel/hypervisor. It's built to load what it calls the Dom0 system, which it gives a communication channel to to start up other virtual systems that it calls DomU. This in theory lets you use any OS as the Dom0 for initializing everything (Linux, *BSD, even Windows I think) as long as there's some kind of support for that communications channel to tell the Xen kernel to start up another system.

https://wiki.xenproject.org/wiki/Xen_Project_Software_Overvi...

[go to top]