WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Live Migration Config

To: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Live Migration Config
From: Matthew Alton <simplicissimus@xxxxxxxxx>
Date: Fri, 28 Oct 2005 11:19:24 -0500
Delivery-date: Fri, 28 Oct 2005 16:16:35 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Ntt7HfrjoA4TKZh+aXD+l8vHfAcPURTgyZoic9jfaQuuxYWJv1x8nSc4xduRqVQ3/ous1Z/spH86Uo2TXIL+plfS/i7i0V0MfC4wj+dGElKRDM5aOdbPfyBzcmuR0bVzMCjdrhE4AeedTZxmKdsU9HjvcesswGxaNBINMXMgzbs=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <200510280026.36110.mark.williamson@xxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <9e225d2f0510271403g2869c440n7f2a7bf9d32c1486@xxxxxxxxxxxxxx> <200510280026.36110.mark.williamson@xxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
This is not good.  I'm going to have a devil of a time selling this into enterprises of any size.  Are there any plans to provide filtering rules, authentication, authorization facilities in the works?  Any bolt-ons? We're looking at a serious show-stopper in organizations large enough to have an information protection department, or even security-minded clueful personnel.  As long as I can fire up the Xen Live CD on my laptop and shoot domU missiles at a production Xen instance and have them happily migrate we're at a standstill.  The security people will demand, at a minimum, that we do not run xfrd on the production node.  There goes a monster selling point and my entire position against VM-Ware.

I am a professional C/Unix coder.  Can I help provide this functionality?  It seems fairly trivial.

On 10/27/05, Mark Williamson < mark.williamson@xxxxxxxxxxxx> wrote:
> How does one configure the live migration facility? Is there a
> configuration file to allow a foreign dom0 to migrate a domU to the local
> dom0? Or can any dom0 migrate a domU to any other dom0?

It's pretty much free for all as far as dom0s are concerned ;-)  Basically if
one dom0 can reach another over a network, it can migrate stuff there!  Right
now, it's more or less expected that an organisation's dom0s are isolated on
a vlan (or separate ethernet).

Cheers,
Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users