Dom0 Disaggregation


The Dom0, or control domain, has traditionally been a monolithic privileged virtual machine. However, the original intention was for Dom0 to be carefully broken into several privileged service domains, an approach termed Dom0 disaggregation. Qubes OS, OpenXT, Citrix XenClient, and Xoar have made the case for more disaggregation of Dom0 for better security, reliability, isolation, and auditability.

[Figure: Xoar architecture]


In Practice

The OpenXT project, derived from the original Citrix product XenClient XT, offers a disaggregated networking stack and isolated network driver domains.

Qubes OS is similarly pursuing a disaggregated architecture for a desktop system.

The Citrix XenServer organization has taken steps towards disaggregation with the Windsor architecture project.

"Although domain 0 disaggregation is not new it is seldom used in practise and much of its use is focussed on providing enhanced security. Citrix XenServer will be moving towards a disaggregated domain 0 in order to provide better security, scalability, performance, reliability, supportability and flexibility."

Project “Windsor”: Domain 0 Disaggregation for XenServerXCP:

A more recent update indicates that the Windsor project is now viewed more as technology development than productization:

