Installation guide

Storage volumes are presented to virtualized guests as local storage devices regardless of the
underlying hardware.
For more information on storage and virtualization refer to Part V, “Virtualization storage topics”.
1.6. Virtualization security features
SELinux
SELinux was developed by the US National Security Agency and others to provide Mandatory Access
Control (MAC) for Linux. All processes and files are given a type and access is limited by fine-grained
controls. SELinux limits an attacker's abilities and works to prevent many common security exploits
such as buffer overflow attacks and privilege escalation.
SELinux strengthens the security model of Red Hat Enterprise Linux hosts and virtualized Red Hat
Enterprise Linux guests. SELinux is configured and tested to work, by default, with all virtualization
tools shipped with Red Hat Enterprise Linux 6.
For more information on SELinux and virtualization, refer to Section 16.2, “SELinux and virtualization”.
sVirt
sVirt is a technology included in Red Hat Enterprise Linux 6 that integrates SELinux and virtualization.
sVirt applies Mandatory Access Control (MAC) to improve security when using virtualized guests. sVirt
improves security and hardens the system against bugs in the hypervisor that might be used as an
attack vector for the host or to another virtualized guest.
For more information on sVirt, refer to Chapter 17, sVirt.
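The isolation sVirt provides rests on the labels it assigns: each confined guest process runs as svirt_t with an MCS category pair no other guest shares, and the guest's disk image carries svirt_image_t with the same pair. The following POSIX shell check is an added example, not code from this guide or from the sVirt project; the type and category names are standard sVirt conventions not spelled out on this page, and the process and image lines are constructed, simplified to the form "context name" rather than full `ps -eZ` and `ls -Z` output.

```shell
#!/bin/sh
# Added example (not from the guide): verify the labels sVirt assigns to guests.
# A confined guest's qemu-kvm process runs as svirt_t with an MCS category pair
# (s0:cA,cB) that no other guest shares, and its disk image carries
# svirt_image_t with the same pair. These names are standard sVirt conventions.
# The sample lines below are constructed and simplified to "context name";
# on a real host they would come from `ps -eZ` and `ls -Z`.

PROCS='system_u:system_r:svirt_t:s0:c42,c318 guest-a
system_u:system_r:svirt_t:s0:c97,c512 guest-b
system_u:system_r:svirt_t:s0:c42,c318 guest-c
unconfined_u:system_r:unconfined_t:s0 guest-d'

IMAGES='system_u:object_r:svirt_image_t:s0:c42,c318 /var/lib/libvirt/images/guest-a.img
system_u:object_r:svirt_image_t:s0:c97,c512 /var/lib/libvirt/images/guest-b.img
system_u:object_r:svirt_image_t:s0:c42,c318 /var/lib/libvirt/images/guest-c.img
system_u:object_r:virt_image_t:s0 /var/lib/libvirt/images/guest-d.img'

# mcs_of CONTEXT: print the MCS part of a context (e.g. s0:c42,c318), or just s0
mcs_of() {
    printf '%s\n' "$1" | awk -F: '{ if (NF >= 5) print $4 ":" $5; else print $4 }'
}

# check_svirt "PROC LINES" "IMAGE LINES": print each violation; exit 0 only if none
check_svirt() {
    printf '%s\n' "$1" | awk -v images="$2" '
    BEGIN {
        n = split(images, line, "\n")
        for (i = 1; i <= n; i++) {              # index image labels by guest name
            split(line[i], f, " "); path = f[2]
            sub(/.*\//, "", path); sub(/\.img$/, "", path)
            k = split(f[1], c, ":")
            img_type[path] = c[3]; img_mcs[path] = (k >= 5) ? c[4] ":" c[5] : c[4]
        }
        bad = 0
    }
    {
        k = split($1, c, ":"); type = c[3]; mcs = (k >= 5) ? c[4] ":" c[5] : c[4]; g = $2
        if (type != "svirt_t") { print "UNCONFINED " g ": runs as " type; bad++ }
        if (mcs in seen) { print "SHARED MCS " g ": " mcs " also used by " seen[mcs]; bad++ }
        seen[mcs] = g
        if (img_type[g] != "svirt_image_t" || img_mcs[g] != mcs) {
            print "IMAGE MISMATCH " g ": " img_type[g] ":" img_mcs[g] " vs process " mcs; bad++
        }
    }
    END { exit (bad > 0) }'
}

if check_svirt "$PROCS" "$IMAGES"; then echo "sVirt isolation OK"; else echo "violations found"; fi
```

With the constructed data, guest-c reuses guest-a's categories and guest-d is unconfined with a statically labelled image, so three violations are reported and the check fails.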
1.7. Migration
Migration is the term for the process of moving a virtualized guest from one host to another. Migration
can be conducted offline (where the guest is suspended and then moved) or live (where a guest is
moved without suspending).
Migration is a key feature of virtualization as software is completely separated from hardware.
Migration is useful for:
Load balancing - guests can be moved to hosts with lower usage when a host becomes overloaded.
Hardware failover - when hardware devices on the host start to fail, guests can be safely relocated so the host can be powered down and repaired.
Energy saving - guests can be redistributed to other hosts and host systems powered off to save energy and cut costs in low usage periods.
Geographic migration - guests can be moved to another location for lower latency or in serious circumstances.
Migration only moves the virtualized guest's memory. The guest's storage is located on networked
storage that is shared between the source host and the destination.
Shared, networked storage must be used for storing guest images. Without shared storage, migration
is not possible. It is recommended to use libvirt managed storage pools for shared storage.