This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] Access Control solution for Xen?

To: Ozan Safi <ozansafi@xxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Access Control solution for Xen?
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Wed, 08 Dec 2010 13:29:45 +0000
Delivery-date: Wed, 08 Dec 2010 05:31:05 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <AANLkTinr=A=Rvuxp_664wD6UojLaw+jVbrxDjgQQjw4_@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <AANLkTim=LuTYHrpnOdf09m4CGT0BxKUipAVgjSRxOFpq@xxxxxxxxxxxxxx> <4CFF6BFC.6000000@xxxxxxxxxxx> <AANLkTinr=A=Rvuxp_664wD6UojLaw+jVbrxDjgQQjw4_@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20101027 Thunderbird/3.1.6

On 08/12/10 13:21, Ozan Safi wrote:
I am looking for an open-source management solution that has support for access control. For some reason I wasn't able to access the control panel demo site but I went through dtc-xen's presentation and have not seen anything related to access control. Could you point me to a link where this is explained?
Please explain what you mean by "access control". To me, this means that you only want certain users to be able to control certain DomUs (i.e. a hosting solution). dtc-xen indeed does have access control on a per customers base. Just because something is tailored towards a hosting company doesn't meant that it *has* to be used for hosting. (Replace the word "customer" with "staff member")

Until now, I've only seen mention of such a feature on Eucalyptus Enterprise Edition.
from http://www.eucalyptus.com/products/eee: "Sophisticated user, group, and role management allows precise control of resources within a private cloud"
Indeed Eucalyptus supports this, but is very difficult to get going.

If it is not available in any free and open-source software, I am planning to implement it myself. Either by extending one of the management solutions or modifying the Xen code itself.
You shoudn't (but legally can) modify the Xen code to support this. Xen is a Type 1 Hypervisor, which is out of scope for access control. Indeed, maybe modifying the xm scripts to do this may be an option, but again you run the risk of breaking something. This is why all solutions out there haven't actually modified xm scripts, but have made an "over the top" layer for control....with the assumption that direct SSH access to the Dom0 isn't available from the outside (which it shouldn’t be!)

Xen-users mailing list
<Prev in Thread] Current Thread [Next in Thread>