[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Live Migration Config



> > It's pretty much free for all as far as dom0s are concerned ;-) 
> > Basically if one dom0 can reach another over a network, it can migrate
> > stuff there! Right now, it's more or less expected that an organisation's
> > dom0s are isolated on a vlan (or separate ethernet).
>
> Supposing the domain has not been isolated, supposing you were trying to
> transfer the domain on an open link across a subnet to another datacenter
> (for migratory purposes to another location entirely) - is there not some
> kind of way of preventing migration, or am I being stupid, and everyone
> firewalls their server to prevent this?
>
> I say this as my Xen units are on a private network, completely
> unfirewalled at this time, and am considering going live with a public IPv6
> implementation.

Right now (and particularly with Xen 2.0, since it exports the management 
interface over HTTP), the rule is basically not to have anything you don't 
trust be able to access dom0 over the network.  Even in Xen 3.0, the 
migration code doesn't really distinguish friend / foe, so anyone on the same 
network could migrate stuff to your machine (although it shouldn't be a 
security risk, it could get quite annoying!!!).

Cheers,
Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.