On 09/10/13 19:24, Roddy Rodstein wrote:

Greetings,

Thank you in advance for your support!

Our HP Xen 4.1.3 servers have 1TB of RAM, each Xen servers take 20 minutes to boot largely due to the "scrub free RAM" phase. If/when we have dom0 failures and HA kicks-in, we would like to reduce the boot time to make the resource quickly available, perhaps using the no-bootscrub attribute in grub.conf.

Could you please share your comments about turning of RAM scrubbing, i.e. have you seen any consequences, security issues and/or threats, red flags, etc...?

We have asked the same question at the commercially supported Xen forums, i.e. Oracle and Citrix, as well as to each aforementioned support team, and have not received a lick of meaningful information.

Respectfully,

Roddy

In the Xen model, domains are responsible for clearing any sensitive data they have out of memory before shutdown.

The bootscrub is a preventative measure to ensure that after a crash, stale domain information is cleared from RAM before that RAM is reused for a new VM.

If this is not a concern for you, then you can easily turn bootscrub off by adding "no-bootscrub" to the Xen command line.

~Andrew