From mboxrd@z Thu Jan 1 00:00:00 1970 From: Anthony Liguori Subject: Re: Xend port Date: Thu, 03 Mar 2005 11:49:21 -0600 Message-ID: <42274E21.2020402@us.ibm.com> References: <42268544.3060201@help-for-you.com> <200503031533.49342.maw48@cl.cam.ac.uk> <42273EE1.1050905@xensource.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit In-Reply-To: <42273EE1.1050905@xensource.com> Sender: xen-devel-admin@lists.sourceforge.net Errors-To: xen-devel-admin@lists.sourceforge.net List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , List-Archive: To: Rich Persaud Cc: Mark Williamson , xen-devel@lists.sourceforge.net, Ted Hilts , Tim.Deegan@cl.cam.ac.uk List-Id: xen-devel@lists.xenproject.org Rich Persaud wrote: > Questions: > > 1) xend web interface appears on port 8080 (non SSL). Is the > xend-config.sxp parameter not honored? I'm not sure. I'm reasonably sure that even if you could support changing the port, changing it to 443 would not automatically make it use SSL. > 2) Does Twisted natively support SSL? I found conflicting statements > in my brief research. I'm not sure about "native" but I'm quite sure you can use SSL with Twisted. > 3) What is listening on ports 8000 and 8001? Xend listens on 8000 (provides a web interface). 8001 is used by Xend for events. > 4) Related subject, how is xfrd (port 8002) secured against malicious > domain transfers? It's not. This is one of the reasons why VM-Tools takes such a different approach to domain migration. All of the tools in VM-Tools are small and single purposed. One of these tools (vm-create) will have the ability to read a saved image from standard input. Another tool (vm-save) will be able to save an image to standard output. Migration is simply a matter of piping vm-save to an instance of vm-create executed via ssh. The transport is actually transparent to the migration process. You could just as easily use rexec, or write a simple remote shell that did IP-level filtering instead of authentication. This approach gives you a wide variety of choices in terms of signing, sealing, and authentication mechanisms. Since ssh uses pam, you instantly are tied into most existing single sign-on environments (through pam_krb5, pam_winbind, etc.). While using ssh as the transport is debatable, I believe tying into pam is inevitable for any migration implementation. Of course, VM-Tools is still a work in progress. Someone is currently working on migration support. We're hoping to have it available by the end of the month. Regards, > > Rich > > > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/xen-devel > ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click