Once Dom0 is compromised, a KVM (especially in virtio form) is just as vulnerable as Xen. While it's true that Xen is less of a clean solution (given the Hypervisor -> Dom0 -> DomU structure), it also has a number of built-in advantages (cleaner implementation of the PCI backend) - let alone the fact that many desktops and netbooks (or even low-end servers) lack VT extensions (or have partial/outdated ones).
Originally Posted by brent
Wrong. The Xen Linux Dom0 is close to being fully integrated into the vanilla kernel.
It's a megabyte-sized kernel patch, for fuck's sake. That's also why it still isn't part of vanilla Linux.
Keep in mind that compared to the Linux/KVM, the Xen hypervisor is far smaller.
I fully agree.
There are lots of hardware compatibility issues as well (dom0): ACPI often doesn't work correctly, many drivers don't work right, etc.; that's why XenSource has to provide a compatibility list.
But keep in mind that once Xen Dom0 under Linux becomes "free" (making it far easier for distributions to ship it), this may improve considerably (nVidia - I'm looking at you!).
I do agree that as it stands, KVM looks far better (on VT-capable hardware).
However, as a stable long-term solution, I prefer the dedicated hypervisor approach - especially if your VM server is also acting as a bleeding-edge desktop.
DEV: Intel S2600C0, 2xE52658V2, 32GB, 4x2TB, GTX680, F20/x86_64, Dell U2711.
SRV: Intel S5520SC, 2xX5680, 36GB, 4x2TB, GTX550, F20/x86_64, Dell U2412.
BACK: Tyan Tempest i5400XT, 2xE5335, 8GB, 3x1.5TB, 9800GTX, F20/x86-64.
LAP: ASUS N56VJ, i7-3630QM, 16GB, 1TB, 635M, F20/x86_64.