WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 

xen-devel

Re: [Xen-devel] A migration framework for external devices

To: Anthony Liguori <aliguori@xxxxxxxxxx>
Subject: Re: [Xen-devel] A migration framework for external devices
From: "Mike D. Day" <ncmike@xxxxxxxxxx>
Date: Thu, 09 Feb 2006 13:58:20 -0500
Cc: Ronald Perez <ronpz@xxxxxxxxxx>, "Scarlata, Vincent R" <vincent.r.scarlata@xxxxxxxxx>, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>, Stefan Berger <stefanb@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 09 Feb 2006 19:09:32 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <43EB8DB7.4030503@xxxxxxxxxx>
References: <OF8A30427C.48305C4F-ON85257110.005AFDA3-85257110.005CA9EB@xxxxxxxxxx> <43EB766A.30701@xxxxxxxxxx> <43EB8B89.80909@xxxxxxxxxx> <43EB8DB7.4030503@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5 (Macintosh/20051201)

Anthony Liguori wrote:

> If the Xend is always listening for migrations on a well-known port, it is trivially easy to start migrating domains to that host. If the port number isn't decided until the time of migration (and better yet, is decided through a secure channel like SSH), it makes it difficult to determine when a port is open to migrate to and which port that is.

All you are doing with the dynamic port is making it harder for the novice. It is good design but not security. (How many network services do you know of that gain security by using variable ports?)

> All devices have to have their state migrated in some form. There's already code to handle that in Xend (via the S-Expression configuration file). The only reason TPM migration doesn't just work is that the current state migration is unidirectional and TPM requires bidirectional state synchronization.

I was thinking far beyond the front-end devices themselves and considering the physical devices on the target machine, many of which will be dual-ported storage, vlans, and other things that need physical configuration in order to support the migrated virtual devices.

That is still a missing piece in the migration solution.

> All that's strictly required here is the ability to transfer the TPM state. This is just a little bit of additional code in XendCheckpoint that ran after suspend to transfer the TPM state.

Sorry, I disagree. A lot more is required for migration to be a useful solution.

Mike
