Quite a while ago, I published a paper with recommendations for a secure deployment of LDoms. Many things happend in the mean time, and an update to that paper was due. Besides some minor spelling corrections, many obsolete or changed links were updated. However, the main reason for the update was the introduction of a second usage model for LDoms. In a very short few words: With the success especially of the T4-4, many deployments make use of the hardware partitioning capabilities of that platform, assigning full PCIe root complexes to domains, mimicking dynamic system domains if you will. This different way of using the hypervisor needed to be addressed in the paper. You can find the updated version here:
I hope it'll be useful!