Re: [Xen-devel] [PATCH] docs/designs: Add a design document for transparent live migration

[Ian Jackson <ian.jackson@xxxxxxxxxx>]

Paul Durrant writes ("[PATCH] docs/designs: Add a design document for 
transparent live migration"):
> It has become apparent to some large cloud providers that the current
> model of co-operative migration of guests under Xen is not usable as it
> places trust in software running inside the guest, which is likely
> beyond the provider's trust boundary.
> This patch introduces a proposal for a 'transparent' live migration,
> designed to overcome the need for this trust.

I have reviewed this and it seems like an accurate summary of the
situation, and a plausible proposal.  I wonder if some of the
existing-situation text could go into other documents.

I have some very minor comments.

I don't like the term `transparent'.  It is often abused in other
contexts.  It can be clear to whom things are transparent.  In a very
real sense existing migration is `transparent' to a domain's network
peers, for example.  How about `oblivious' ?

I don't think `trust' is right, either.  I think you mean `reliance'
or something.  `Trust' makes it sound like the guest can cause trouble
for the host.  Whereas the problem you are addressing here is that
the guest can cause trouble *for itself* by not operating the
migration protocols correctly.  This is an operational inconvenience,
but `trust' implies a security issue.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel