If I’m correct, VMs generated on QubesOS are Xen-based, running off the computers bare metal which makes them more secure, right?
Well, I’ve set my eye on XCP-ng, an open-source operating system you install into a server machine
and access remotely from your home computer to create and run xen-based virtual machines from there.
I am using a refurbished Thinkpad with a Linux-Libre distro (no non-free blobs or software at all) and it seems to be the right solution for me if I want to browse the web securely.
Other than being a much more expensive solution, I wonder if anyone can tell me how the two methods of using Xen VMs compare.
I don’t know how your workflow is, but I would assume it’s much more complex than QubesOS’. From the usability perspective, using Qubes is much more convenient, which may lead to better security down the line because the user don’t get overburdened.
Some of the few usability perks by comparison include:
easily see which VM is which (though the colors)
open disposable virtual machines easily (only have you way a few secs). These can be done for example on thunderbird (open attachment in disposableVM) or in the file manger.
The Qubes RPC is super nice for making VMs interact in very strict ways.
updates are centralized (kind of). Because of the templates mechanism you don’t have to update every single VM (just the templates).
Again, the templates mechanism lets you switch the OS for a virtual machine in an instant.
And I could probably go on.
Also your config sounds a bit like the direction Qubes is moving towards:
XCP-ng and Qubes OS are very different things, let’s clear up terminology:
Xen: A hypervisor providing virtualization
XenServer: a commercial offering by Citrix that uses Xen to build a virtualization platform, now called Citrix Hypervisor
XCP-ng: an open-source virtualization platform that also uses Xen
Qubes OS: a phenomenal, ground-breaking, reasonably secure, single-user operating system that uses Xen
And for comparison sake,
KVM: An alternative hypervisor providing virtualization
ProxMox: virtualization platform using KVM
In most basic terms, XCP-ng, XenServer, ProxMox - these are things you install on one or more physical machines which then allows provisioning as many virtual machines as the hardware can handle. This is commonly used in lab environments, home labs, or even some VPS environments. The goal is, provision a VM, give it an IP, run a web server or ssh into it and do things. Or enable remote desktop and use it as if it was physical. It’s typically accessed over a network.
With Qubes OS, the goal is primarily a single-user desktop environment, that uses virtualization to accomplish the goal of a secure system through isolation. For example, read your email in one window, click an attachment and the attachment opens in another window…and each of these windows is technically in a separate VM but all shows up on the desktop in a seamless desktop environment. This is one example of the special sauce of Qubes, but there are many others.
So instead of looking at Qubes as a collection of VMs (like XCP-ng), think of Qubes as a collection of activities that are isolated by VMs.