[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Live Migration Config

To: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Fri, 28 Oct 2005 15:00:55 -0500
Cc: xen-users@xxxxxxxxxxxxxxxxxxx, Matthew Alton <simplicissimus@xxxxxxxxx>
Delivery-date: Fri, 28 Oct 2005 19:58:11 +0000
List-id: Xen user discussion <xen-users.lists.xensource.com>

Mark Williamson wrote:

I am a professional C/Unix coder. Can I help provide this functionality? It
seems fairly trivial.
Something using SSL certificates would probably do what you want. There areprobably other ways to do this stuff, too. Patches to provide thisfunctionality would be very welcome, although I guess we'd prefer them to beagainst Xen 3.0.

Python doesn't have a native SSL server socket :-( We'll have to writeour own OpenSSL python bindings most likely.

SSL is also sort of overkill and will have non-neglible overhead. Youreally just want integrity verification. The only concern then ishaving the domain's memory being readable over the network. That's notacceptable for certain workloads (anything containing private data) butacceptable for the majority (for instance, a static webserver withoutany sort of password database).

You certainly need the option of encrypting the migration traffic thoughfor those workloads where privacy matters.

Authentication is the trickier part of this all. Especially since therewill be a strong desire to tie into larger-scale authenticationinfrastructures.

Proxying everything over an SSH connection is probably the best longterm solution. However, I've not been able to figure out how to disableprivacy in ssh :-/


Have I mentioned this is a hard problem? ;-)

Regards,

Anthony Liguori

HTH,
Mark

On 10/27/05, Mark Williamson <mark.williamson@xxxxxxxxxxxx> wrote:

How does one configure the live migration facility? Is there a
configuration file to allow a foreign dom0 to migrate a domU to the

local

dom0? Or can any dom0 migrate a domU to any other dom0?

It's pretty much free for all as far as dom0s are concerned ;-) Basically
if
one dom0 can reach another over a network, it can migrate stuff there!
Right
now, it's more or less expected that an organisation's dom0s are isolated
on
a vlan (or separate ethernet).

Cheers,
Mark


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Live Migration Config
  - From: Nivedita Singhvi

References:
- [Xen-users] Live Migration Config
  - From: Matthew Alton
- Re: [Xen-users] Live Migration Config
  - From: Mark Williamson
- Re: [Xen-users] Live Migration Config
  - From: Matthew Alton
- Re: [Xen-users] Live Migration Config
  - From: Mark Williamson

Prev by Date: Re: [Xen-users] Live Migration Config
Next by Date: Re: [Xen-users] Live Migration Config
Previous by thread: Re: [Xen-users] Live Migration Config
Next by thread: Re: [Xen-users] Live Migration Config
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.