WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Live Migration Config

from [Mark Williamson] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Live Migration Config
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Fri, 28 Oct 2005 17:23:05 +0100
Cc: Matthew Walster <matthew@xxxxxxxxxxx>
Delivery-date: Fri, 28 Oct 2005 16:21:43 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <200510280059.01718.matthew@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <9e225d2f0510271403g2869c440n7f2a7bf9d32c1486@xxxxxxxxxxxxxx> <200510280026.36110.mark.williamson@xxxxxxxxxxxx> <200510280059.01718.matthew@xxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.8.3 
> > It's pretty much free for all as far as dom0s are concerned ;-) 
> > Basically if one dom0 can reach another over a network, it can migrate
> > stuff there! Right now, it's more or less expected that an organisation's
> > dom0s are isolated on a vlan (or separate ethernet).
>
> Supposing the domain has not been isolated, supposing you were trying to
> transfer the domain on an open link across a subnet to another datacenter
> (for migratory purposes to another location entirely) - is there not some
> kind of way of preventing migration, or am I being stupid, and everyone
> firewalls their server to prevent this?
>
> I say this as my Xen units are on a private network, completely
> unfirewalled at this time, and am considering going live with a public IPv6
> implementation.

Right now (and particularly with Xen 2.0, since it exports the management 
interface over HTTP), the rule is basically not to have anything you don't 
trust be able to access dom0 over the network.  Even in Xen 3.0, the 
migration code doesn't really distinguish friend / foe, so anyone on the same 
network could migrate stuff to your machine (although it shouldn't be a 
security risk, it could get quite annoying!!!).

Cheers,
Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Live Migration Config, Matthew Alton
Next by Date:  Re: [Xen-users] Live Migration Config, Mark Williamson
Previous by Thread:  Re: [Xen-users] Live Migration Config, Matthew Walster
Next by Thread:  Re: [Xen-users] Live Migration Config, Matthew Alton
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy