Hello. I want to buy a workstation specifically for QubesOS.
I have a few questions, but would be happy if you answer at least some of them. Thank you in advance.
Will Qubes recognize and utilize double-cpu configurations? Sometimes it is cheaper to buy a machine with two less powerful Xeons, than one more powerful.
Does it really helps to have something like 20 cores/40 threads? Or is it better to have a cpu with 4/6/8 cores, but with more single core computational power? Does Qubes able to fully utilize all cores that cpu has?
If I go for Xeons, I would need an external GPU. Is it beneficial to have a somewhat powerful one, like rx580, or it doesn’t matter at all, until it supports my desktop resolution (and works fine with Qubes, yes, I know about HCL)?
I want to be able to watch 4k x265 videos, for example, does GPU has anything to do with it? Or with anything at all?
Does using a dedicated GPU is less secure in any way than using integrated graphics?
Is there any difference security-wise between SATA SSD and PCIe SSD?
My questions are not about compatibility, only about security and performance.
AppVMs use a software-only (CPU-based) implementation of OpenGL. It seems one cannot do much about it, since it’s necessary for Qubes OS GUI isolation. Related issue.
Thank you for replying.
I saw that, and I know that Xeons are working okay with Qubes, but in that thread people more discussing Threadrippers in pretty non-standard use cases. My question is more like - are such multicore processors worth it, or is it better to stick with decent Intel Core cpu?
If I understand correctly, that means type of GPU doesn’t matter at all?
So now I’m even more interested in question about Xeons, since they have to handle all the graphics.
I run Qubes 4.1 on 2 Xeon based systems, a Dell 5520 laptop with a 4 core Xeon e3-1505 processor, and a Gigabyte X99 desktop workstation with a 10 core Xeon E5-2687W v3. Both CPU base clock run right at 3 ghz and both systems have 64gb ram., 2 channel vs 4 channel. I frequently have over 20 VMs open. Both systems handle this workload amazingly well, but the desktop with its extra cores and 4 channel RAM performs noticeably better than the laptop.
on edit: The laptop runs Intel 630 integrated graphics and the workstation runs AMD Radeon 7970 GPU
I think the CPU clock speed is important to a snappy desktop experience. Higher is better. Xeons over 3ghz are rare, at least the affordable E5-26XX are. The caveat to high clocks with high cores is heat. You need good cooling for a 160W CPU like the E5-2687w
Xeons are designed for server stability and not high clock speeds and not usually overclock-able, with exception of E5-16XX v3, which has unlocked multiplier but is limited to 8 cores. I have tried another 12 core Xeon CPU on the X99 platform with 2.2ghz clock speed and the experience was sluggish.
From what I have gathered, hardware graphics becomes a security risk when you pass it through to HVM. I don’t do that.
Both my systems have NVME m.2 ssd. and I prefer them to the sata ssd. I have used Sata SSD and it seams less snappy.
It’s interesting that you haven’t said what you want to use the
workstation for, and no one has yet asked you.
I have seen Qubes working with dual CPU systems - I’ve seen Xen working
on multiple CPU, with 1 allocated specifically to dom0. That shouldn’t be
an issue for you.
I don’t believe there is any significant security issue between SATA and
PCI disks.
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
Mostly browsing with hundreds disposable Whonix VMs .
And, as I mentioned before, watching hi-res videos, which is actually the reason why I started to think about an upgrade, because they started to lag lately. That wasn’t the case before, but probably new codecs are more cpu-intensive.
Anyway, when I thought a little more about
I realized that maybe there’s no need for so many cores, because most of the times I don’t do something resource-demanding in many VMs simultaneously. Though I like to keep them started, but that’s probably more of a RAM issue, because cpu resources can be allocated to the VM that I’m actually using.
Maybe I have to go for something overclockable, but with less cores.
You can also pause app VMs or disp VMs relatively safely (now that the semi-random kernel panics on unpause have been resolved). This is useful for watching movies, etc. without having to shut down all other VMs. [Do note that paused VMs cannot return unused memory to other VMs while paused.]
In fact we’ve done family movie night several times on a qubes laptop with paused VMs…I just needed to tap the shift key every once in a while to prevent the screen saver from triggering.
B
PS - RAM is key and while 4 cores works, I’d like at least 8 in any future workstation purchases, particularly due to the overhead of non-GPU 4K video decoding (be sure to use a multiple CPU capable decoder and give it at least 3-4 cores) and the memory buffering required to show the video from a VM.
Take a used Dell T7500 with CPU riser installed.
The 6core Xeons with 32nm are very cheap on the market.
Also DDR3 server memory is cheap on the second hand market.
The T7500 has PS/2! So you can have a USB-VM and you can
use a legacy PS/2 (IBM Model M) keyboard . Also old SCSI can be plugged
as the Dell T7500 has one PCI-X slot, so an Adaptec SCSI-controller pulled
from antique servers can be used to access some legacy hardware with scsi
such as streamers, scanners or the like.
So the only draw back is energy consumption and CPU-speed.
But in order to have many VMs running at the same time one can go for it.
I have (low power) 192GB RAM and 2 “embedded telco” 6core Xeons installed,
so the energy consumption is minimized for this platform.
A graphics board should just be able to serve 4K Video, it does not need to be
fast. So an old AMD Fire W series graphics board with 4 Display-Port connectors
is sufficient as one can connect 4 Full HD monitors, or at least one 4K monitor.
This is an old HCL of the machine before the memory upgrade and the GPU upgrade
(75W AMD Fire W series)
Before I just plugged 2 PCIe graphics boards, and used them with 4 screens together.
AFIK you can not use OpenCL or CUDA (go for AMD as there are good open source drivers, and you want no blobs in qubes) from your graphics, and you are watching only
internal VNC streams in your app windows so all the good stuff of your graphics board
is wasted anyway. So go for old graphics, that were pricy that time as you get good signal quality
Now there is max RAM=192G and the I guess (I am not at the machine right now)
this graphics card installed.
The graphics I bought only because of 4 Display port connectors and a quite low TDP.
The T7500 system works nicely, the VMs all get lots of RAM (>=4G),
so there is no excessive SSD wear from swapping! Best is to disable swapping at all in the /etc/fstab, so the SSDs dont get stressed
too much.
Would be best to disable swapping in the templates at all. RAM or nothing!
“RAM is like engine displacement:
You replace RAM only with more RAM.
So go for a big block engine and
buy the biggest memory modules you can get for your arch”
I’m still looking for a better solution
x230 too old for qubes 4.1 and have small screen for programming,
also painfully for use.
x330 modded better than x230 (because in has nvme and 4-core cpu) but it has 2k screen instead 1080p so HidPI unsuported in Qubes.
P50 and P73 is a real workhorses, run everything without pain but they are too big (desktop replacement)
So my choice is 12 core 16GB RAM modern thinkpad X13 or carbon.
.