Dom0 Disaggregation

From Xen
Revision as of 18:50, 17 August 2016 by Cwc22 (talk | contribs) (Add reference to OpenXT)

Dom0 Dissaggregation

The Dom0 or control domain has traditionally been a monolithic privileged virtual machine. However, the original intention was for Dom0 to be carefully broken into several privileged service domains - termed Dom0 disaggregation. Qubes OS, OpenXT, Citrix XenClient, and Xoar have made the case for more disaggregation of Dom0 for purposes of better security, reliablity, isolation, and auditability.

Xoar architecture.jpg


In Practice

"Although domain 0 disaggregation is not new it is seldom used in practise and much of its use is focussed on providing enhanced security. Citrix XenServer will be moving towards a disaggregated domain 0 in order to provide better security, scalability, performance, reliability, supportability and flexibility."

Project “Windsor”: Domain 0 Disaggregation for XenServerXCP:

References