publication croisée depuis : https://lemmy.world/post/16156662
To be completely open, this is not a question about XCP-ng vs Proxmox. I’m open to doing everything in the cli, comparing two platforms is not my intention here.
I’m very interested in the security benefits one has over the other though. AFAIK Xen has a dedicated for security? I’d like to think that both are reasonably secure by default, but I do not get many hits for “KVM hardening”, for example, only OS-level hardening advice.
Do both protect equally against attacks that try to escape the VM? Is there anything in terms of security that one has and the other doesn’t?
I know this is not the usual kind of question that is asked on this sub, any help is greatly appreciated!
Based on this Zen3 benchmark, I’d say somewhere between 40 and 77% for the most impacted workloads tested.
Some tests also run faster without SMT (mostly graphics/AI-on-CPU ones I think) so it really depends on your workload.
On a gaming computer, results seem to vary between -10% to +10% FPS for a Ryzen 9 chip, probably because very few games make good use of that many CPU threads.
If you’re running a small home server or desktop, I’d expect you to throw out a bit less than half the CPU capacity. You do get some of that back in power savings, so if your server is overspecced for your workload, disabling SMT may be interesting regardless of the security aspects.