
[Xen-users] Xen 4.2 - Security on Live Migration




Hello all,

I've recently switched from Xen 4.1 to 4.2.1 and from the xm/xend to the
xl/libxl toolstack as well.

Although Xen 4.1 did not support Secure Live Migration by default, I
could modify the /etc/xen/xend-config.sxp file, giving any level of
security I wanted, either allowing only specific hosts or using SSL and
adjusting my private key and the certificate.


               #### e x a m p l e ####
###### uncommented modules in /etc/xen/xend-config.sxp ######
#####                                                  ######
(xend-relocation-ssl-server yes)
(xend-relocation-ssl-port 8003)
(xend-relocation-server-ssl-key-file   server.key)
(xend-relocation-server-ssl-cert-file  server.crt)
(xend-relocation-ssl yes)


Xen 4.2
- uses xl by default [By default xl relies on ssh as a transport
mechanism between the two hosts.]

- and also the Xen daemon configuration file (xend-config.sxp) is
officially deprecated

My question is: is there any way that I can control the level of
security in Xen 4.2 considering Live Migration? Should I look in
specific libxl files?

Katerina
