xen-users
[Xen-users] Patch management using Xen--A Hypothetical Scenario!
Hi All,
My aim is to simulate patch management via a Xen virtual environment, to represent a real-life use case scenario; as in real-life environments it is difficult; before we apply patches on affected nodes, there's great need to carefully apply those patches to make sure things don't break or apply patches in a controlled fashion.
Specifically in a situation such as "Cloud Computing" or "Compute Grids" where resources are in a shared environment; for example (A hypothetical scenario...). In a joint Project called ENROLLER; Chris is a System admin; having different privileges to apply any "critical updates" related to OS having Sys admin role; John has different privileges such as Grid-Engineer to apply "ONLY Middleware or Shibboleth-related (a middleware security tool)" patches (such as GSI or Globus patches); while Alice being a developer has the rights to apply patches related to "application software" e.g. ONLY Java or Browser related patches........
Can Xen be used in such a scenario with several images (domUs).... because in real life environments things might not work.
How if I try to approach the "secure patch management" in the following manner (steps):
1. 'patch notification' from Microsoft/Debian or Sun/Xen or Globus for any patch update [depends upon who should get these update notifications]
2. Get a list of All existing images (domU's) on the system
3. Verify the integrity of the patch (such as checking digital signatures etc.)
4. Identify which of the domUs is affected and needs to be patched
5. If there's need then "pause" the domU i.e. (image) and then apply the patch; else
6. Clone the image; and test patches on it before applying it to real domU
Or
7. Live migrate the image to other domU or back up area in the dom0 [depending on who can migrate this domU]
8. Once patch is applied and things haven't gone wrong (no side effects), then restart the domU
9. On success or failure of patch application notify the sys admin via (dom0)
10. Sys admin in turn updates the central Information base (any Data-Base e.g. MySQL) for recent changes
Of course all of the above steps would be in some automated fashion.....
I'm interested in experimenting with the above (these may be more or less);
Can anyone point me to any related tool/wiki/doc which has such a use-case....?
-Jan Muhammad
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
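An added example, not part of the original post and not Xen tooling: a sketch of the gate that steps 2 to 4 describe, combined with the role split from the ENROLLER scenario. The role names, domU inventory and action labels are constructed assumptions, and a pinned SHA-256 digest stands in for the digital-signature check mentioned in step 3.

```python
import hashlib
import hmac

# Constructed policy from the post's scenario: one patch category per role.
ROLE_CATEGORIES = {
    "sysadmin": {"os"},                # Chris
    "grid-engineer": {"middleware"},   # John
    "developer": {"application"},      # Alice
}
# Constructed inventory (step 2): domU name -> installed component per category.
DOMUS = {
    "domU-web": {"os": "debian", "application": "java"},
    "domU-grid": {"os": "debian", "middleware": "globus"},
    "domU-auth": {"os": "debian", "middleware": "shibboleth"},
}
# Hypothetical action labels, not real commands: test on a clone first (step 6),
# then pause, patch and restart the real domU (steps 5 and 8), then notify dom0.
ACTIONS = ["clone", "patch-clone", "test-clone", "pause", "patch", "restart", "notify-dom0"]

def verify_patch(payload: bytes, expected_sha256: str) -> bool:
    """Step 3. A pinned SHA-256 digest stands in for signature verification."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.lower())

def affected_domus(category: str, component: str) -> list:
    """Step 4: domUs that actually run the component the patch targets."""
    return sorted(n for n, inst in DOMUS.items() if inst.get(category) == component)

def plan_patch(role: str, notification: dict, payload: bytes) -> list:
    """Authorize and verify before any guest is touched; return (domU, actions) pairs."""
    category = notification["category"]
    if category not in ROLE_CATEGORIES.get(role, set()):
        raise PermissionError(f"role {role!r} may not apply {category!r} patches")
    if not verify_patch(payload, notification["sha256"]):
        raise ValueError("patch digest does not match the notification")
    return [(d, list(ACTIONS)) for d in affected_domus(category, notification["component"])]

if __name__ == "__main__":
    patch = b"constructed patch bytes"
    note = {"category": "middleware", "component": "globus",
            "sha256": hashlib.sha256(patch).hexdigest()}
    for domu, actions in plan_patch("grid-engineer", note, patch):
        print(domu, "->", ", ".join(actions))
```

Both checks run before the plan is built, so a patch from the wrong role or with a mismatched digest never produces actions for any domU.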