[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Xen 4.2 - Security on Live Migration



On Wed, 2013-02-27 at 09:29 +0000, Katerina Mparmpopoulou wrote:
> Hello Ian,
> 
> Thanks for the quick reply,
> 
> > Check out the xl manpage, in particular the -e option to xl
> > migrate, which lets you specify any command you like to act as the
> > transport.
> 
> I have checked already the xl manpage and also the migrate subcommand.
> 
> I thought that the -s sshcommand was the most relevant for me, but
> still i don't know how i can use it efficiently.

Sorry. I meant -s, I didn't have the manpage handy when I wrote -e.

> 
> If i want to place my own ssl key and my own certificate when i'm
> migrating a vm in another physical machine, how should I use the command??

You need to pass a command which will connect its stdin/stdout over the
communication channel of your choice to the stdin/stdout of "xl
migrate-receive" running on the target host. How you setup that
communication channel and arrange for that process on the remote machine
is up to you to arrange in that command.

For example you could reasonably trivially build something out of netcat
and ssh which did secure authentication and but insecure data transfer.

If you want to do something with SSL certs then I expect you will wantto
find an ssl capable netcat type thing, I think openssl has such
mechanisms in it. Or you could write your own client/server pair, etc
etc.

Ian.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.