

I know, yes. But I’m talking about virtualization, not containerization




Personally, I want to properly isolate the services with virtualization. The main reason is I expose some of the services online, and I don’t want to only rely on keeping all software up-to-date at all times. This allows me to limit the damage if one of the services is compromised.
I wouldn’t use macOS as the virtualization platform, and instead use something else, like BSD, Linux, or Xen-based for my servers.


XCP-ng might have the edge against bare metal because Windows by default uses Virtualization-Based Security (VBS). Under XCP-ng it can’t use that since nested virtualization can’t be enabled.
Disclaimer: I’m a maintainer of the control plane used by xcp-ng
Vates demoed at KubeCon an ARM workstation running XCP-ng, a Xen-based virtualization platform.
https://xcp-ng.org/blog/2025/11/13/xcp-ng-on-arm-with-ampere/
It’s still early days, but I’m hoping it can reach homelabs, the big question being hardware enablement, which is difficult on ARM baseboards due to lack of standardization.
Disclaimer: I work with Vates, and prepared some component to compile under ARM to prepare the demo.