WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Live Migration Config

Mark Williamson wrote:

I am a professional C/Unix coder. Can I help provide this functionality? It
seems fairly trivial.

Something using SSL certificates would probably do what you want. There are probably other ways to do this stuff, too. Patches to provide this functionality would be very welcome, although I guess we'd prefer them to be against Xen 3.0.
Python doesn't have a native SSL server socket :-( We'll have to write our own OpenSSL python bindings most likely.

SSL is also sort of overkill and will have non-neglible overhead. You really just want integrity verification. The only concern then is having the domain's memory being readable over the network. That's not acceptable for certain workloads (anything containing private data) but acceptable for the majority (for instance, a static webserver without any sort of password database).

You certainly need the option of encrypting the migration traffic though for those workloads where privacy matters.

Authentication is the trickier part of this all. Especially since there will be a strong desire to tie into larger-scale authentication infrastructures.

Proxying everything over an SSH connection is probably the best long term solution. However, I've not been able to figure out how to disable privacy in ssh :-/

Have I mentioned this is a hard problem? ;-)

Regards,

Anthony Liguori

HTH,
Mark

On 10/27/05, Mark Williamson <mark.williamson@xxxxxxxxxxxx> wrote:
How does one configure the live migration facility? Is there a
configuration file to allow a foreign dom0 to migrate a domU to the
local

dom0? Or can any dom0 migrate a domU to any other dom0?
It's pretty much free for all as far as dom0s are concerned ;-) Basically
if
one dom0 can reach another over a network, it can migrate stuff there!
Right
now, it's more or less expected that an organisation's dom0s are isolated
on
a vlan (or separate ethernet).

Cheers,
Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users