[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Access Control solution for Xen?




On 08/12/10 13:21, Ozan Safi wrote:
Hi,
I am looking for an open-source management solution that has support for access control. For some reason I wasn't able to access the control panel demo site but I went through dtc-xen's presentation and have not seen anything related to access control. Could you point me to a link where this is explained?
Please explain what you mean by "access control". To me, this means that you only want certain users to be able to control certain DomUs (i.e. a hosting solution). dtc-xen indeed does have access control on a per customers base. Just because something is tailored towards a hosting company doesn't meant that it *has* to be used for hosting. (Replace the word "customer" with "staff member")


Until now, I've only seen mention of such a feature on Eucalyptus Enterprise Edition.
from http://www.eucalyptus.com/products/eee: "Sophisticated user, group, and role management allows precise control of resources within a private cloud"
Indeed Eucalyptus supports this, but is very difficult to get going.

If it is not available in any free and open-source software, I am planning to implement it myself. Either by extending one of the management solutions or modifying the Xen code itself.
You shoudn't (but legally can) modify the Xen code to support this. Xen is a Type 1 Hypervisor, which is out of scope for access control. Indeed, maybe modifying the xm scripts to do this may be an option, but again you run the risk of breaking something. This is why all solutions out there haven't actually modified xm scripts, but have made an "over the top" layer for control....with the assumption that direct SSH access to the Dom0 isn't available from the outside (which it shouldn’t be!)




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.