WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] what protocol is used for migration

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] what protocol is used for migration
From: Ralph Passgang <ralph@xxxxxxxxxxxxx>
Date: Tue, 24 Jan 2006 00:31:51 +0100
Delivery-date: Mon, 23 Jan 2006 23:40:31 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.58.200601231700270.25676@xxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <Pine.LNX.4.58.200601231700270.25676@xxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.1
Am Montag, 23. Januar 2006 23:01 schrieb Anthony.Golia@xxxxxxxxxxxxxxxxx:
> hi.  is there a whitepaper that talks about the details of copying the VM
> image across the network.  i.e. is that encrypted in any way?

I don't know if there is a whitepaper available, but for what I can say the 
transfer is unencrypted at all.

I think that is not really a problem, because if you want to migrate vm's you 
have to use a san anyway. On a migration only the memory and some states will 
be send over network. If you use a seperated network for the network attached 
storage (san), then you can also safely migrate domainUs over the san network 
without using the "wan" interface of your xen host. You can firewall the 
migration ports on the wan side or just letting xend bind to the san network 
interface.

Migration domUs over long distance will not work (because you need the current 
disk data on the other side too and because of the arp/mac-takeover (so you 
your destination host has to be in the same layer2 network)). I think there 
is no need for encryption, but if you really need it, why not using a vpn 
(for example openvpn) for securing network traffic between the both xen 
hosts? Or in a layer 2 network (what you need to do this anyway) use a 
dedicated vlan or something like that. There are many possibilities for 
securing network traffic, xen really doesn't need to take care of your 
network security (at least in my humble opinion).

> Cheers,
> Anthony

--Ralph

>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>