[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Live Migration Config



Matthew Alton wrote:

This is not good. I'm going to have a devil of a time selling this into enterprises of any size.

This has been discussed a lot--it's a well known weak point of Xen.

The problem is complex and has a lot to do with performance, but suffice to say, it will be solved. Most likely not for 3.0 but likely for the 3.1 timeframe.

Are there any plans to provide filtering rules, authentication, authorization facilities in the works?

Right now, you can achieve reasonable security by using firewall rules. You can use this to provide host-level filtering at least.

That doesn't solve spoofing/sniffing/authentication/etc though.

Any bolt-ons? We're looking at a serious show-stopper in organizations large enough to have an information protection department, or even security-minded clueful personnel. As long as I can fire up the Xen Live CD on my laptop and shoot domU missiles at a production Xen instance and have them happily migrate we're at a standstill. The security people will demand, at a minimum, that we do not run xfrd on the production node. There goes a monster selling point and my entire position against VM-Ware.

Live migration is very performance sensitive. There are concerns about the overhead of encrypting the data. If you on an insecure network, you want to do something like:

safemigrate() {
   xm save $1 /tmp/xen-temp-$1.img && \
   scp /tmp/xen-temp-$1.img $2:/tmp && \
   ssh $2 xm restore /tmp/xen-temp-$1.img && \
   rm /tmp/xen-temp-$1.img
}

safemigrate WebServer root@xxxxxxxxxxxxxxxxxxxxxxx

You'll get 10s of seconds to a few minutes of down time but you'll have excellent security.

If you want subsecond down-time, you need an isolated network.

I am a professional C/Unix coder. Can I help provide this functionality? It seems fairly trivial.

Xend needs some rearchitecting to make secure live migration possible. It's too much change for 3.0 to do it right. However, if you want to help out for 3.1, patches are always appreciated :-)

Regards,

Anthony Liguori

On 10/27/05, *Mark Williamson* < mark.williamson@xxxxxxxxxxxx <mailto:mark.williamson@xxxxxxxxxxxx>> wrote:

    > How does one configure the live migration facility? Is there a
    > configuration file to allow a foreign dom0 to migrate a domU to
    the local
    > dom0? Or can any dom0 migrate a domU to any other dom0?

    It's pretty much free for all as far as dom0s are concerned
    ;-)  Basically if
    one dom0 can reach another over a network, it can migrate stuff
    there!  Right
    now, it's more or less expected that an organisation's dom0s are
    isolated on
    a vlan (or separate ethernet).

    Cheers,
    Mark


------------------------------------------------------------------------

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.