WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Live Migration Config

> This is not good. I'm going to have a devil of a time selling this into
> enterprises of any size. Are there any plans to provide filtering rules,
> authentication, authorization facilities in the works? Any bolt-ons?

Talking about Xen 3.0:

It's been talked about for some time.  For now the solution is to use vlans 
for your dom0s, or (equivalently) physically separate networks.  dom0s are 
your management infrastructure, and they really need protecting from 
interference.

You can't have dom0s on a hostile network if you want to prevent these "rogue 
migrations".  Note that you can't force an outgoing migration from a node, so 
nobody can "steal" your running domUs.  However, if someone gets on a segment 
of network that can reach your dom0s they could send you some domUs of their 
own - shouldn't be a security issue (the domUs will still be isolated by Xen) 
but could get quite annoying ;-)

> looking at a serious show-stopper in organizations large enough to have an
> information protection department, or even security-minded clueful
> personnel. As long as I can fire up the Xen Live CD on my laptop and shoot
> domU missiles at a production Xen instance and have them happily migrate
> we're at a standstill.

Only if the laptop is on your management network...

> The security people will demand, at a minimum, that 
> we do not run xfrd on the production node. There goes a monster selling
> point and my entire position against VM-Ware.

:-(

If you're running Xen 2.0, it's even more important to run dom0 on a separate 
network - the management interface is also exported over TCP.  By default, it 
only accepts connections from localhost but it does mean you must trust all 
local users on the system.

IIRC, the Xensource public servers just use a separate management network for 
the dom0s.

> I am a professional C/Unix coder. Can I help provide this functionality? It
> seems fairly trivial.

Something using SSL certificates would probably do what you want.  There are 
probably other ways to do this stuff, too.  Patches to provide this 
functionality would be very welcome, although I guess we'd prefer them to be 
against Xen 3.0.

HTH,
Mark

> On 10/27/05, Mark Williamson <mark.williamson@xxxxxxxxxxxx> wrote:
> > > How does one configure the live migration facility? Is there a
> > > configuration file to allow a foreign dom0 to migrate a domU to the
> >
> > local
> >
> > > dom0? Or can any dom0 migrate a domU to any other dom0?
> >
> > It's pretty much free for all as far as dom0s are concerned ;-) Basically
> > if
> > one dom0 can reach another over a network, it can migrate stuff there!
> > Right
> > now, it's more or less expected that an organisation's dom0s are isolated
> > on
> > a vlan (or separate ethernet).
> >
> > Cheers,
> > Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users