That is interesting, Leland. Guess there's no question as to the doability.
They say they cover the "any OS" part pretty clearly, and it is a native OS
without a host.

What I don't see is any mention of security from attacks, which I'd think
would be a heralded feature of such a VM.

I'm too booked to take on another project now, but I am following this
subject with great interest for the longer term.


Bill

I downloaded the Xen iso and burned it into a DVD. The size
of the iso was about 698 megs. I booted the DVD and
selected the X86 OS version from the grub menu, which
brought up a Linux OS with a Debian icon. The Xen gui
automatically opened in the Debian desktop. I then opened
a Ubuntu guest using the Xen gui VM manager, and it worked
OK. I'll have to set aside some additional time to explore
it further.

The below excerpt regarding security is from the Xen FAQs:

#----------------------


Q: What is the Xen approach to security?
A: Xen supports absolute resource isolation between domains
meaning it has the highest level of separation and security
possible in i386 class hardware. You won't, for example, be
able to tcpdump on a virtual host and see traffic intended
for other virtual hosts. Additionally, Xen’s code base is
very small – under 50,000 lines for the core hypervisor.
This allows the security community to verify its security
continually. More importantly, Xen can use hardware security
capabilities, such as Trusted Platform Modules (TPMs) to
build a layer of attestation and trust up from the hardware,
through the software. XenSource demonstrated a secure
hypervisor at Intel Developer Forum in August 2005. The
secure solution is an integration of the Xen hypervisor with
the market leading open source Snort Intrusion Detection
System. By embedding security capabilities into the
hypervisor, users receive a powerful new ability to
implement the same security policies across the virtualized
enterprise, independent of the operating system. Moreover,
the hypervisor can ensure that even legacy guests that have
not been patched will be protected. Xen can even prevent a
compromised virtual machine from attacking other virtual or
physical servers in the enterprise by blocking its network
traffic.

Finally, XenSource, IBM and Intel are collaborating on a
project to deliver a key security capability using Xen.
So-called multi-layer secure systems (MLS) allow the
hypervisor and its security to be independently managed,
monitored and controlled from that of the guests –
effectively providing yet another layer of independent
security, outside the guest operating system.

http://staging.xen.org/about/faq.html

#--------------------

Regards,

LelandJ
[excessive quoting removed by server]

Christof,
I see, http://www.vmware.com/vmwarestore/vsphere_purchaseoptions.html

If VM does turn out to be the best solution for protection from attacks,
then I imagine there will be more competition in that area and prices will
drop.


Bill

I have not tried it in practice.

I might be cheaper to do a down and dirty upgrade to VFP