We are looking at deploying our application as a Xen image, to a hosting company that we aren't 100% sure about yet. Can they access random data on our virtual hard drive(s)?
This page says no:
About Domains
Dom0 and domU are separate entities. Other than by login, you cannot access a domU from dom0...
But I want to be really, really sure. If there are "n00b" issues that I'm not understanding, that's fine :-). Just point them out to me.
kpartxwill let you map the disk image to its component partitions, then you can mount that partition. So yes, they can get at the data in the domU.Basically, for any virtualization platform, always remember that the dom0 has higher security privileges with the Hypervisor than the domU.
If the item is stored on disk in some way shape or form, technically they could read it if they wanted to, by using forensic tools to take whatever disk image that is stored for the DomU and parsing it.
If you don't trust your host, then maybe it is not a wise idea to put your sensitive data on their servers. Get a dedicated server somewhere. You have full control and you know how secure it is and who has access to it.