Re: [Xen-users] XCP Xen Cloud Control System ver 0.3 released!

["Matthew Law" <matt@xxxxxxxxxxxxxxxxxx>]

Hi Verne,

a fine job!

Do you assign domU addresses from a DHCP server and if so how do you stop
a rogue VM from running it's own DHCP server and answering DHCP requests
from other domUs as they start up?

The default config for XCP does let a domU spoof IP addresses.  I asked
some questions on the openvswitch list recently and I get the impression
that with a separate flow controller box you could do some quite
fine-grained control of network properties even through migration.

What plans do you have for the multi-tenancy side of things? - if you need
any help with database development or the web frontend I would be more
than willing to help out (thats my background).


Cheers,

Matt

On Mon, May 24, 2010 11:09 pm, Vern Burke wrote:
> Jonathan:
>    I don't think there's much to do about preventing someone breaking out
> of a DomU. As I've said before, that would have to be a severe fubar of
> the hypervisor and it's not likely.
>
> Protecting the Dom0 is really nothing more than the standard best
> practices for any Internet connected server.
>
> If you're really concerned about packet sniffing you could always use a
> private vswitch and use a Vyatta virtual router and VPN out to wherever
> you're going.
>
> Vern
> Sent from my BlackBerry® wireless device from U.S. Cellular



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users