Meltdown & Spectre – Does patching the guest kernel of an unpatched hypervisor prevent cross-VM memory leaks?

From what I understand of the vulnerabilities, no – the speculative caching attacks bypass all of the CPU’s protections against a process grabbing memory from whatever arbitrary address. I believe this would include the neighbor VMs (even those patched to protect against the attack themselves) as well as the hypervisor’s kernel memory space – but …

What happens when a physical machine fails in a virtual environment? [closed]

The specifics depend on which exact virtualization solution you use, but the idea is that you have a virtual farm, where there are a number of physical hosts with several virtual machines each. You then use some of the efficiency you gained by not needing a physical host for every VM so that you have …

Why does Google recommend removing SSH keys from GCE for security?

The critical detail is that the page you’ve referenced is about creating a new Compute Engine machine image. Specifically, when you create a new virtual machine image, you want to ensure it does NOT include any host keys. That way, when the image is cloned and reconstituted into an actual VM, the sshd startup script …

Where is log output from cloud-init stored?

Since cloud-init 0.7.5 (released on Apr 1 2014), all output from cloud-init is captured by default to /var/log/cloud-init-output.log. This default logging configuration was added in a commit from Jan 14 2014: # this tells cloud-init to redirect its stdout and stderr to # 'tee -a /var/log/cloud-init-output.log' so the user can see output # there without …

How are admins managing their EC2 EBS’s and Snapshots?

I use ec2-consistent-snapshot ( http://alestic.com/2009/09/ec2-consistent-snapshot ) to take my snapshots (on RHEL/CentOS derived Amazon’s Linux) – it is written in Perl and uses the API directly. You specify the volumes you want to snapshot and it allows you to add a description. (In AWS console you can add tags if you need finer grained control, …

What are the benefits of running chef-server instead of chef-solo?

I am going to orient this answer as if the question was “what are the advantages of chef-solo” because that’s the best way I know to cover the differences between the approaches. My summary recommendation is in line with others: use a chef-server if you need to manage a dynamic, virtualized environment where you will …

Create an AWS HVM Linux AMI from an Existing Paravirtual Linux AMI

Update: AWS has enabled this feature in the EC2 API. It is available as the --virtualization-type option to aws ec2 register-image in the new Boto-based awscli. Original answer: Yes! Unfortunately, there is not a direct way to do so. Also, some PV instances may need kernel and bootloader modifications. Create a volume from your …

Is virtual machine slower than the underlying physical machine?

The typical experience for a general purpose server workload on a bare metal\Type 1 Hypervisor is around 1-5% of CPU overhead and 5-10% Memory overhead, with some additional overhead that varies depending on overall IO load. That is pretty much consistent in my experience for modern Guest OS’s running under VMware ESX\ESXi, Microsoft Hyper-V and …