WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] XCP Xen Cloud Control System ver 0.3 released!

I only do static IP assignments on the VMs. I have no idea how you'd stop a VM from running a DHCP server from outside the VM (not that I can imagine why anyone would want to do that anyways). The best answer I've found for a lot of shennanigans is a zero tolerance policy in the terms of service (do it and you're gone, period).

Openflow looks like it might be useful except I'm not seeing much for controllers. I'm still pondering how to make best use of the capabilities of openvswitch.

XCCS multitenancy will provide a reduced set of functions to customers for controlling their own VMs with the end goal being self provisioning and automatic billing.

Vern


On 5/25/2010 4:49 AM, Matthew Law wrote:
Hi Verne,

a fine job!

Do you assign domU addresses from a DHCP server and if so how do you stop
a rogue VM from running it's own DHCP server and answering DHCP requests
from other domUs as they start up?

The default config for XCP does let a domU spoof IP addresses.  I asked
some questions on the openvswitch list recently and I get the impression
that with a separate flow controller box you could do some quite
fine-grained control of network properties even through migration.

What plans do you have for the multi-tenancy side of things? - if you need
any help with database development or the web frontend I would be more
than willing to help out (thats my background).


Cheers,

Matt

On Mon, May 24, 2010 11:09 pm, Vern Burke wrote:
Jonathan:
    I don't think there's much to do about preventing someone breaking out
of a DomU. As I've said before, that would have to be a severe fubar of
the hypervisor and it's not likely.

Protecting the Dom0 is really nothing more than the standard best
practices for any Internet connected server.

If you're really concerned about packet sniffing you could always use a
private vswitch and use a Vyatta virtual router and VPN out to wherever
you're going.

Vern
Sent from my BlackBerry® wireless device from U.S. Cellular




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users