Xen is one of the most popular virtualization technologies for production work. Building a Xen server is beyond the scope of these articles, but once it is built, creating an IPFire virtual is pretty straight forward. The main problem is deciding whether to build a hardware virtualized platform or using the Xen script on the downloads page to build a paravirtualized system.

HVM vs Paravirt

Paravirtualized (Paravirt) DOMU's use less resources than Hardware Virutalized Machines (HVM), and when hardware was more limited than it is now, there was a good reason to use Paravirts. However, the maintenance is more difficult since a paravirt uses the underlying DOM0's kernel; upgrading the kernel on a paravirt requires updating the underlying DOM0, and the libraries associated with the new kernel must be manually copied to the paravirtualized server.

With HVM, the virtual server (DOMU) is truly independent of the underlying operating system (DOM0). Thus, performing upgrades is the same as with a stand alone physical machine.

This is even more important when installing an appliance such as IPFire as a virtual machine. The developers of IPFire have gone to great lengths to secure the entire distribution, including the kernel and libraries. This security is compromised if the general purpose kernel and libraries of the underlying DOM0 is used.

It is recommended to build IPFire virtual machines only using the HVM model unless you understand the security problems and their solutions.

Edit Page ‐ Yes, you can edit!

Older Revisions • May 5, 2020 at 8:39 am • Michael Tremer