Xen Project Hypervisor: Difference between revisions

Line 1:

[[File:Xen-project-logo.png|thumb|The Xen Project Logo]]

The [https://xenproject.org/ Xen Project Hypervisor] is an open-source type-1 virtual machine manager, which allows multiple virtual machines, known as domains, to run concurrently with the host on the physical machine. This is unlike a typical type-2 hypervisor, like QEMU, where the virtual machines run as applications on top of the host. NixOS runs as the privileged Domain 0, and can paravirtualise or fully virtualise Unprivileged Domains (<code>domUs</code>).

The [https://xenproject.org/ Xen Project Hypervisor] is an open-source type-1 virtual machine manager, which allows multiple virtual machines, known as domains, to run concurrently with the host on the physical machine. This is unlike a typical type-2 hypervisor, like QEMU, where the virtual machines run as applications on top of the host. NixOS runs as the privileged Domain 0, and can paravirtualise or fully virtualise Unprivileged Domains (<code>domUs</code>).

Xen is well-known for its [https://xenbits.xenproject.org/xsa impeccable security record], and is the go-to solution for hyper-scale cloud infrastructures.

== ~~NixOS~~ Installation ==

== Installation ==

Since [https://nixos.org/manual/nixos/unstable/release-notes#sec-release-24.11-highlights NixOS 24.11], installing the Xen Hypervisor is as simple as adding the following to your [[Overview_of_the_NixOS_Linux_distribution#Declarative_Configuration|NixOS configuration]]:

Line 16:

After a successful reboot, you should now be using a Xen EFI kernel, and Xen's usual commands, such as <code>xl</code>, will begin working. Right after a fresh boot, there's usually only a single domain (virtual machine) running: the Domain 0.

== About the Domain 0 ==

=== About the Domain 0 ===

The Domain 0, generically known as the host machine, is the most important virtual machine in a Xen system. It is responsible for orchestrating the Unprivileged Domains, and housing the Linux kernel version that interacts with the bare-metal hardware. Here, you can use LibXenLight, Xen's main command-line interface, through the aforementioned <code>xl</code> command. See the manual page {{man|xl|sec=1}} for usage information.

Line 23:

{{Security Warning|If the Domain 0 is compromised by an attacker, then the entire server running Xen should be considered compromised. It is recommended that the NixOS installation running in the host VM is kept as minimal and up-to-date as possible. Avoid packages with large attack services, such as desktop environments, run every user-facing service in an unprivileged domain, and if you're under a lax firewall, consider denying network access to and from Domain 0.|heading=Domain 0 has special security considerations.}}

==~~= Additional~~ Configuration ===

== Configuration ==

There are many options available for configuring the Domain 0. Here is a recommended non-default configuration:

@@ Line 1: / Line 1: @@
 [[File:Xen-project-logo.png|thumb|The Xen Project Logo]]
-The [https://xenproject.org/ Xen Project Hypervisor] is an open-source type-1 virtual machine manager, which allows multiple virtual machines, known as domains, to run concurrently with the host on the physical machine. This is unlike a typical type-2 hypervisor, like QEMU, where the virtual machines run as applications on top of the host. NixOS runs as the privileged <b>Domain 0</b>, and can paravirtualise or fully virtualise Unprivileged Domains (<code>domUs</code>).
+The <strong>[https://xenproject.org/ Xen Project Hypervisor]</strong> is an open-source type-1 virtual machine manager, which allows multiple virtual machines, known as domains, to run concurrently with the host on the physical machine. This is unlike a typical type-2 hypervisor, like QEMU, where the virtual machines run as applications on top of the host. NixOS runs as the privileged <b>Domain 0</b>, and can paravirtualise or fully virtualise Unprivileged Domains (<code>domUs</code>).
 Xen is well-known for its [https://xenbits.xenproject.org/xsa impeccable security record], and is the go-to solution for hyper-scale cloud infrastructures.
-== NixOS Installation ==
+== Installation ==
 Since [https://nixos.org/manual/nixos/unstable/release-notes#sec-release-24.11-highlights NixOS 24.11], installing the Xen Hypervisor is as simple as adding the following to your [[Overview_of_the_NixOS_Linux_distribution#Declarative_Configuration|NixOS configuration]]:
@@ Line 16: / Line 16: @@
 After a successful reboot, you should now be using a Xen EFI kernel, and Xen's usual commands, such as <code>xl</code>, will begin working. Right after a fresh boot, there's usually only a single domain (virtual machine) running: the Domain 0.
-== About the Domain 0 ==
+=== About the Domain 0 ===
 The Domain 0, generically known as the <b>host machine</b>, is the most important virtual machine in a Xen system. It is responsible for orchestrating the Unprivileged Domains, and housing the Linux kernel version that interacts with the bare-metal hardware. Here, you can use LibXenLight, Xen's main command-line interface, through the aforementioned <code>xl</code> command. See the manual page {{man|xl|sec=1}} for usage information.
@@ Line 23: / Line 23: @@
 {{Security Warning|If the Domain 0 is compromised by an attacker, then the entire server running Xen should be considered compromised. It is recommended that the NixOS installation running in the host VM is kept as minimal and up-to-date as possible. Avoid packages with large attack services, such as desktop environments, run every user-facing service in an unprivileged domain, and if you're under a lax firewall, consider denying network access to and from Domain 0.|heading=Domain 0 has special security considerations.}}
-=== Additional Configuration ===
+== Configuration ==
 There are many options available for configuring the Domain 0. Here is a recommended non-default configuration: