[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Live Migration Config
> > It's pretty much free for all as far as dom0s are concerned ;-) > > Basically if one dom0 can reach another over a network, it can migrate > > stuff there! Right now, it's more or less expected that an organisation's > > dom0s are isolated on a vlan (or separate ethernet). > > Supposing the domain has not been isolated, supposing you were trying to > transfer the domain on an open link across a subnet to another datacenter > (for migratory purposes to another location entirely) - is there not some > kind of way of preventing migration, or am I being stupid, and everyone > firewalls their server to prevent this? > > I say this as my Xen units are on a private network, completely > unfirewalled at this time, and am considering going live with a public IPv6 > implementation. Right now (and particularly with Xen 2.0, since it exports the management interface over HTTP), the rule is basically not to have anything you don't trust be able to access dom0 over the network. Even in Xen 3.0, the migration code doesn't really distinguish friend / foe, so anyone on the same network could migrate stuff to your machine (although it shouldn't be a security risk, it could get quite annoying!!!). Cheers, Mark _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |