From: "Mike D. Day" <ncmike@us.ibm.com>
To: Anthony Liguori <aliguori@us.ibm.com>
Cc: Ronald Perez <ronpz@us.ibm.com>,
"Scarlata, Vincent R" <vincent.r.scarlata@intel.com>,
"Cihula, Joseph" <joseph.cihula@intel.com>,
Stefan Berger <stefanb@us.ibm.com>,
xen-devel@lists.xensource.com
Subject: Re: A migration framework for external devices
Date: Thu, 09 Feb 2006 13:58:20 -0500 [thread overview]
Message-ID: <43EB90CC.4020006@us.ibm.com> (raw)
In-Reply-To: <43EB8DB7.4030503@us.ibm.com>
Anthony Liguori wrote:
> If the Xend is always listening for migrations on a well-known port, it
> is trivially easy to start migrating domains to that host. If the port
> number isn't decided until the time of migration (and better yet, is
> decided through a secure channel like SSH), it makes it difficult to
> determine when a port is open to migrate to and which port that is.
All you are doing with the dynamic port is making it harder for the
novice. It is good design but not security. (How many network services
do you know of that gain security by using variable ports?)
> All devices have to have their state migrated in some form. There's
> already code to handle that in Xend (via the S-Expression configuration
> file). The only reason TPM migration doesn't just work is that the
> current state migration is unidirectional and TPM requires bidirectional
> state synchronization.
I was thinking far beyond the front-end devices themselves and
considering the physical devices on the target machine, many of which
will be dual-ported storage, vlans, and other things that need physical
configuration in order to support the migrated virtual devices.
That is still a missing piece in the migration solution.
> All that's strictly required here is the ability to transfer the TPM
> state. This is just a little bit of additional code in XendCheckpoint
> that ran after suspend to transfer the TPM state.
Sorry, I disagree. A lot more is required for migration to be a useful
solution.
Mike
prev parent reply other threads:[~2006-02-09 18:58 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-08 20:16 A migration framework for external devices Stefan Berger
2006-02-08 21:28 ` Muli Ben-Yehuda
2006-02-08 21:30 ` Stefan Berger
2006-02-08 22:32 ` Mike D. Day
2006-02-08 22:40 ` Stefan Berger
2006-02-09 12:34 ` Mike D. Day
2006-02-09 15:01 ` Daniel Veillard
2006-02-09 16:10 ` Mike D. Day
2006-02-13 10:18 ` Daniel Veillard
2006-02-09 16:20 ` Stefan Berger
2006-02-09 16:37 ` Mike D. Day
2006-02-09 15:05 ` Anthony Liguori
2006-02-09 16:52 ` Stefan Berger
2006-02-09 17:05 ` Anthony Liguori
2006-02-09 17:51 ` Stefan Berger
2006-02-09 18:35 ` Mike D. Day
2006-02-09 18:45 ` Anthony Liguori
2006-02-09 18:58 ` Mike D. Day [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43EB90CC.4020006@us.ibm.com \
--to=ncmike@us.ibm.com \
--cc=aliguori@us.ibm.com \
--cc=joseph.cihula@intel.com \
--cc=ronpz@us.ibm.com \
--cc=stefanb@us.ibm.com \
--cc=vincent.r.scarlata@intel.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.