RE: [libvirt] [RFC]: Secure migration
- From: "Itamar Heim" <iheim redhat com>
- To: "'Chris Lalancette'" <clalance redhat com>, "'Libvirt'" <libvir-list redhat com>
- Cc:
- Subject: RE: [libvirt] [RFC]: Secure migration
- Date: Tue, 3 Mar 2009 10:19:32 -0500 (EST)
> From: libvir-list-bounces redhat com [mailto:libvir-list-bounces redhat com] On Behalf Of Chris Lalancette
...
> 2) virsh on the controller connects to the src, and initiates the migration
> command. In turn, this causes the controller to also connect to the dst. Now,
> during the "Prepare" step on the dst, we set up a qemu container to listen to
> some port (call it 1234) on localhost. It also forks an external program (or a
> thread) to listen for an incoming gnutls connection. Next, the "Perform" step
> is called on the src machine. This forks an external program (or thread) to
> listen for incoming data from a localhost migration, do the gnutls handshake
> with the dst, and dump the data over the gnutls connection to the dst.
[IH] how is the connection secured? Do you assume both hosts share
Kerberos/certificates trust? Does the controller pass a shared encryption
key to both parties?
(I also like this approach better, since it keeps the existing qemu
migration, which is hard enough to stabilize)