[colug-432] Cloud-based nested virtualization or other "wrapping" alternatives

Jeff Frontz jeff.frontz at gmail.com
Tue Jun 21 11:41:50 EDT 2016


I need to run a legacy distribution (Fedora Core 7, 32-bit) as a
development/test environment (connecting to it via VPN or ssh).  Since this
old distribution won't be getting any patches/updates, there is the
potential for some yet-to-be-announced security hole that allows remote
access.

My thought is to run the legacy distribution on a VM (say, under kvm)
inside another instance of a more modern distribution -- using the
encapsulating host's security to protect the legacy instance from the
outside world.  The only access to the legacy instance would be from the
modern instance (an encapsulating bastion host, if you will).

I was hoping to find a hosting service that would enable something like
this -- are there any that enable virtualization for use by the hosted
client?  Or does that not even make any sense (e.g., maybe the
virtualization primitives cede too much control of the physical system?)?

Other virtualization techniques (e.g., running the legacy instance in
virtual box on the modern instance or UML) suffer from too much of a
performance hit to make them viable.

Is there some other hosting technique that allows for some sort of wrapping
of an instance running an older distribution (but with well-defined and
well-maintained ssh and VPN infrastructure)?

Or should I give up and just run the legacy instance on a physical system
that only has (physical) network access from a suitably hardened system?

Thanks,
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20160621/ad07f3f3/attachment.html 


More information about the colug-432 mailing list