Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update Glossary

Browse Source 
* Add definition for "VM"
* Re-define "domain" (QubesOS/qubes-issues#1015)
* Add cross-reference links throughout the page
* Many other small updates and fixes
This commit is contained in:
Andrew David Wong 2016-05-25 01:52:38 -07:00
parent fdeab1e478
commit c120d0043f
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 54 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
reference/glossary.md
View File

@ -22,9 +22,14 @@ compartmentalized (or isolated) in separate **qubes**.
technical contexts where spaces are not permitted, (e.g., usernames), the
space may be omitted, as in `QubesOS`.
VM
--
An abbreviation for "virtual machine." A software implementation of a machine
(for example, a computer) which executes programs like a physical machine.
Qube
----
A user-friendly term for a **domain** (i.e., a VM) in Qubes OS.
A user-friendly term for a [VM](#vm) in Qubes OS.
* Example: "In Qubes OS, you do your banking in your 'banking' qube and your
web surfing in your 'untrusted' qube. That way, if your 'untrusted' qube is
@ -38,41 +43,50 @@ A user-friendly term for a **domain** (i.e., a VM) in Qubes OS.
* The term "qube" should be lowercase unless it is the first word in a
sentence. Note that starting a sentence with the plural of "qube" (i.e.,
"Qubes...") can be ambiguous, since it may not be clear whether the referent
is a collection of qubes or Qubes OS.
is a collection of qubes or [Qubes OS](#qubes-os).
Domain
------
A synonym for **virtual machine (VM)**. A software implementation of a machine
(for example, a computer) which executes programs like a physical machine.
An area or set of activities in one's digital life that has certain security
requirements and therefore involves the use of certain [qubes](#qube). For
example, suppose your "email" domain encompasses the activity of sending
PGP-encrypted email. This domain may include your email qube and your [Split
GPG](/doc/split-gpg) qube. Note that domains and qubes are not the same thing.
In this example, your "email" domain includes the use of two qubes. Furthermore,
a qube can fall under multiple domains simultaneously. For example, your Split
GPG qube may also be part of your "software development" domain if you PGP-sign
your Git commits.
Dom0
----
Domain Zero. Also known as the **host** domain, dom0 is the initial domain
Domain Zero. Also known as the **host** domain, dom0 is the initial VM
started by the Xen hypervisor on boot. Dom0 runs the Xen management toolstack
and has special privileges relative to other domains, such as direct access to
most hardware.
most hardware. (Note that the use of "domain" for a synonym for "VM" is specific
to Xen. Qubes diverges from this practice. See: [domain](#domain).)
DomU
----
Unprivileged Domain. Also known as **guest** domains, domUs are the counterparts
to dom0. All domains except dom0 are domUs. By default, most domUs lack direct
hardware access.
to dom0. All VMs except dom0 are domUs. By default, most domUs lack direct
hardware access. (Note that the use of "domain" for a synonym for "VM" is
specific to Xen. Qubes diverges from this practice. See: [domain](#domain).)
TemplateVM
----------
Template Virtual Machine. Any VM which supplies its root filesystem to another
VM. TemplateVMs are intended for installing and updating software applications,
but not for running them.
Template Virtual Machine. Any [VM](#vm) which supplies its root filesystem to
another VM. TemplateVMs are intended for installing and updating software
applications, but not for running them.
* Colloquially, TemplateVMs are often referred to as "templates."
TemplateBasedVM
---------------
Any VM which depends on a TemplateVM for its root filesystem.
Any [VM](#vm) which depends on a TemplateVM for its root filesystem.
Standalone(VM)
--------------
Standalone (Virtual Machine). In general terms, a VM is described as
Standalone (Virtual Machine). In general terms, a [VM](#vm) is described as
**standalone** if and only if it does not depend on any other VM for its root
filesystem. (In other words, a VM is standalone if and only if it is not a
TemplateBasedVM.) More specifically, a **StandaloneVM** is a type of VM in Qubes
@ -82,15 +96,16 @@ while a TemplateVM is a type of standalone VM, it is not a StandaloneVM.)
AppVM
-----
Application Virtual Machine. A VM which is intended for running software
Application Virtual Machine. A [VM](#vm) which is intended for running software
applications. Typically a TemplateBasedVM, but may be a StandaloneVM. Never a
TemplateVM.
NetVM
-----
Network Virtual Machine. A type of VM which connects directly to a network and
provides access to that network to other VMs which connect to the NetVM. A NetVM
called `sys-net` is created by default in most Qubes installations.
Network Virtual Machine. A type of [VM](#vm) which connects directly to a
network and provides access to that network to other VMs which connect to the
NetVM. A NetVM called `sys-net` is created by default in most Qubes
installations.
Alternatively, "NetVM" may refer to whichever VM is directly connected to a VM
for networking purposes. For example, if `untrusted` is directly connected to
@ -99,32 +114,32 @@ is `untrusted`'s NetVM," even though `sys-firewall` is a ProxyVM.
ProxyVM
-------
Proxy Virtual Machine. A type of VM which proxies network access for other VMs.
Typically, a ProxyVM sits between a NetVM and another VM (such as an AppVM or a
TemplateVM) which requires network access.
Proxy Virtual Machine. A type of [VM](#vm) which proxies network access for
other VMs. Typically, a ProxyVM sits between a NetVM and another VM (such as an
AppVM or a TemplateVM) which requires network access.
FirewallVM
----------
Firewall Virtual Machine. A type of ProxyVM which is used to enforce
Firewall Virtual Machine. A type of [ProxyVM](#proxyvm) which is used to enforce
network-level policies (a.k.a. "firewall rules"). A FirewallVM called
`sys-firewall` is created by default in most Qubes installations.
DispVM
------
Disposable Virtual Machine. A temporary AppVM which can quickly be created,
used, and destroyed.
Disposable Virtual Machine. A temporary [AppVM](#appvm) which can quickly be
created, used, and destroyed.
DVM
---
An abbreviation of **DispVM**, typically used to refer to the TemplateVM on
which DispVMs are based. By default, a VM named `fedora-XX-dvm` is created on
An abbreviation of [DispVM](#dispvm), typically used to refer to the TemplateVM
on which DispVMs are based. By default, a VM named `fedora-XX-dvm` is created on
most Qubes installations (where `XX` is the current Fedora version).
PV
--
Paravirtualization. An efficient and lightweight virtualization technique
originally introduced by the Xen Project and later adopted by other
virtualization platforms. Unlike HVMs, paravirtualized VMs do not require
virtualization platforms. Unlike HVMs, paravirtualized [VMs](#vm) do not require
virtualization extensions from the host CPU. However, paravirtualized VMs
require a PV-enabled kernel and PV drivers, so the guests are aware of the
hypervisor and can run efficiently without emulation or virtual emulated
@ -132,26 +147,29 @@ hardware.
HVM
---
Hardware Virtual Machine. Any fully virtualized, or hardware-assisted, VM
Hardware Virtual Machine. Any fully virtualized, or hardware-assisted, [VM](#vm)
utilizing the virtualization extensions of the host CPU. Although HVMs are
typically slower than paravirtualized VMs due to the required emulation, HVMs
allow the user to create domains based on any operating system.
StandaloneHVM
-------------
Any HVM which is standalone (i.e., does not depend on any other VM for its root
filesystem). In Qubes, StandaloneHVMs are referred to simply as **HVMs**.
Any [HVM](#hvm) which is standalone (i.e., does not depend on any other VM for
its root filesystem). In Qubes, StandaloneHVMs are referred to simply as
**HVMs**.
TemplateHVM
-----------
Any HVM which functions as a TemplateVM by supplying its root filesystem to
other VMs. In Qubes, TemplateHVMs are referred to as **HVM templates**.
Any [HVM](#hvm) which functions as a [TemplateVM](#templatevm) by supplying its
root filesystem to other VMs. In Qubes, TemplateHVMs are referred to as **HVM
templates**.
PVH
---
PV on HVM. To boost performance, fully virtualized HVM guests can use special
paravirtual device drivers (PVHVM or PV-on-HVM drivers). These drivers are
optimized PV drivers for HVM environments and bypass the emulation for disk and
network I/O, thus providing PV-like (or better) performance on HVM systems. This
allows for optimal performance on guest operating systems such as Windows.
[PV](#pv) on [HVM](#hvm). To boost performance, fully virtualized HVM guests can
use special paravirtual device drivers (PVHVM or PV-on-HVM drivers). These
drivers are optimized PV drivers for HVM environments and bypass the emulation
for disk and network I/O, thus providing PV-like (or better) performance on HVM
systems. This allows for optimal performance on guest operating systems such as
Windows.