xen-users
Re: [Xen-users] Re: Live Migration Config 
Ian Pratt wrote:
 With an SSL Xend interface, this would work quite well.  Unfortunately, 
this is a bit of work because Python doesn't have server-side SSL 
support (doh!).
 The following configurable controls should be implemented for 
Xen migration.
1. The migration port.
2. The network interface(s) that the migration service listens on.
3. The maximum # of allowed concurrent incoming migrations 
from a foreign host.
4.  Observance of the /etc/hosts.allow and /etc/hosts.deny 
access controls (or the same within a Xen config file). 
5.  Some simple way to turn off incoming migration completely.
 
1, 2 & 5 are already possible; 4 is simple and is on the todo list[*]. 3
is more of a higher level tools issue.
The correct solution is probably to have an 'xm migraterx' command that
generates a session key that has to be handed to 'xm migratetx'. The
actual transfer can then be authenticated, and potentially encrypted.
However, this will not be in 3.0.0.
 
 This might be a bit of overkill.  Any basic firewall can provide this 
functionality already.  What would be nice is to have some common 
firewall configurations for dom0 in the Users Manual.  I'll write up 
something for Shorewall this week.
[*] The intention is that the set of allowable hosts be specified in
xend-config.sxp e.g.: (migration-hosts-allow "*.test.xensource.com"
"129.34.45.0/24" "xenbits.xs.org" )
 
Regards,
Anthony Liguori
 
It would be good if someone could knock the above up.
Ian
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
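
As an added illustration (not part of the original thread and not Xend's code): one way the `migration-hosts-allow` list proposed above could be evaluated. It assumes entries are either CIDR blocks or shell-style hostname globs, and that hostname entries are trusted only after forward-confirmed reverse DNS; the function names and the DNS tables are hypothetical.

```python
import fnmatch
import ipaddress
import re

# The directive exactly as quoted in the thread.
DIRECTIVE = ('(migration-hosts-allow "*.test.xensource.com" '
             '"129.34.45.0/24" "xenbits.xs.org" )')

# Constructed DNS data so the check runs offline (hypothetical hosts).
PTR = {"10.0.0.5": "node1.test.xensource.com",
       "203.0.113.9": "node2.test.xensource.com"}   # second PTR is forged
A = {"node1.test.xensource.com": ["10.0.0.5"],
     "node2.test.xensource.com": ["10.0.0.6"]}

def parse_allow(directive):
    """Split the quoted entries into CIDR networks and hostname globs."""
    nets, globs = [], []
    for entry in re.findall(r'"([^"]*)"', directive):
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:              # not an address: treat as a hostname glob
            globs.append(entry.lower().rstrip("."))
    return nets, globs

def peer_allowed(peer_ip, directive, reverse=PTR.get, forward=A.get):
    """Return True if peer_ip may open an incoming migration connection."""
    ip = ipaddress.ip_address(peer_ip)
    nets, globs = parse_allow(directive)
    if any(ip in net for net in nets):  # address entries need no DNS at all
        return True
    name = reverse(peer_ip)
    if not name or not globs:
        return False                    # default deny
    name = name.lower().rstrip(".")
    # A PTR record is set by whoever controls the peer's address space, so
    # accept the name only if it resolves forward to the same address.
    confirmed = {ipaddress.ip_address(a) for a in (forward(name) or [])}
    if ip not in confirmed:
        return False
    return any(fnmatch.fnmatchcase(name, g) for g in globs)

if __name__ == "__main__":
    for peer in ("129.34.45.17", "10.0.0.5", "203.0.113.9", "192.0.2.1"):
        print(peer, "allow" if peer_allowed(peer, DIRECTIVE) else "deny")
```
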