|
|
|
|
|
|
|
|
|
|
xen-users
Re: [Xen-users] what protocol is used for migration
Also, there is indeed a migration paper:
http://www.cl.cam.ac.uk/netos/papers/2005-migration-nsdi-pre.pdf
Tim
On Tue, 24 Jan 2006 09:45:34 -0500 (EST)
Anthony.Golia@xxxxxxxxxxxxxxxxx wrote:
>
> thx. one can migrate stateless (diskless) domUs that have their storage
> on NFS and no SAN. forgot about VPNs like ssh tunnel, etc. if the
> migration protocol uses one or two UDP or TCP ports it would lend itself
> well to that, thx a lot.
>
> On Mon, 23 Jan 2006, Ralph Passgang wrote:
>
> > Am Montag, 23. Januar 2006 23:01 schrieb Anthony.Golia@xxxxxxxxxxxxxxxxx:
> > > hi. is there a whitepaper that talks about the details of copying the VM
> > > image across the network. i.e. is that encrypted in any way?
> >
> > I don't know if there is a whitepaper available, but for what I can say the
> > transfer is unencrypted at all.
> >
> > I think that is not really a problem, because if you want to migrate vm's
> > you have to use a san anyway. On a migration only the memory and some states
> > will be send over network. If you use a seperated network for the network
> > attached storage (san), then you can also safely migrate domainUs over the
> > san network without using the "wan" interface of your xen host. You can
> > firewall the migration ports on the wan side or just letting xend bind to
> > the san network interface.
> >
> > Migration domUs over long distance will not work (because you need the
> > current disk data on the other side too and because of the arp/mac-takeover
> > (so you your destination host has to be in the same layer2 network)). I
> > think there is no need for encryption, but if you really need it, why not
> > using a vpn (for example openvpn) for securing network traffic between the
> > both xen hosts? Or in a layer 2 network (what you need to do this anyway)
> > use a dedicated vlan or something like that. There are many possibilities
> > for securing network traffic, xen really doesn't need to take care of your
> > network security (at least in my humble opinion).
> >
> > > Cheers,
> > > Anthony
> >
> > --Ralph
> >
> > >
> > > _______________________________________________
> > > Xen-users mailing list
> > > Xen-users@xxxxxxxxxxxxxxxxxxx
> > > http://lists.xensource.com/xen-users
> >
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users
> >
>
>
>
>
> Cheers,
> Anthony
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|