WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] XCP Xen Cloud Control System ver 0.3 released!

from [Vern Burke] [Permanent Link][Original]
To: matt@xxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] XCP Xen Cloud Control System ver 0.3 released!
From: Vern Burke <vburke@xxxxxxxx>
Date: Tue, 25 May 2010 10:04:26 -0400
Cc: xen-users@xxxxxxxxxxxxxxxxxxx, Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Delivery-date: Tue, 25 May 2010 07:05:32 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <5330ace671848dbbe0069c43b622481e.squirrel@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4BFAC419.9020507@xxxxxxxx> <4BFADA4B.5060705@xxxxxxxxxxx> <4BFADF2B.70205@xxxxxxxx><4BFAEC50.7070103@xxxxxxxxxxx> <1126208382-1274738991-cardhu_decombobulator_blackberry.rim.net-829565113-@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <5330ace671848dbbe0069c43b622481e.squirrel@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
I only do static IP assignments on the VMs. I have no idea how you'd stop a VM from running a DHCP server from outside the VM (not that I can imagine why anyone would want to do that anyways). The best answer I've found for a lot of shennanigans is a zero tolerance policy in the terms of service (do it and you're gone, period).
Openflow looks like it might be useful except I'm not seeing much for controllers. I'm still pondering how to make best use of the capabilities of openvswitch.
XCCS multitenancy will provide a reduced set of functions to customers for controlling their own VMs with the end goal being self provisioning and automatic billing. 

Vern


On 5/25/2010 4:49 AM, Matthew Law wrote:

Hi Verne,

a fine job!

Do you assign domU addresses from a DHCP server and if so how do you stop
a rogue VM from running it's own DHCP server and answering DHCP requests
from other domUs as they start up?

The default config for XCP does let a domU spoof IP addresses.  I asked
some questions on the openvswitch list recently and I get the impression
that with a separate flow controller box you could do some quite
fine-grained control of network properties even through migration.

What plans do you have for the multi-tenancy side of things? - if you need
any help with database development or the web frontend I would be more
than willing to help out (thats my background).


Cheers,

Matt

On Mon, May 24, 2010 11:09 pm, Vern Burke wrote:

Jonathan:
    I don't think there's much to do about preventing someone breaking out
of a DomU. As I've said before, that would have to be a severe fubar of
the hypervisor and it's not likely.

Protecting the Dom0 is really nothing more than the standard best
practices for any Internet connected server.

If you're really concerned about packet sniffing you could always use a
private vswitch and use a Vyatta virtual router and VPN out to wherever
you're going.

Vern
Sent from my BlackBerry® wireless device from U.S. Cellular






_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Random dom0 lock up, mdlabriola
Next by Date:  Re: [Xen-users] High availability and live migration with just LVMand hardware fencing, Frank S Fejes III
Previous by Thread:  Re: [Xen-users] XCP Xen Cloud Control System ver 0.3 released!, Matthew Law
Next by Thread:  RE: [Xen-users] XCP Xen Cloud Control System ver 0.3 released!, Jonathan Tripathy
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy