From mboxrd@z Thu Jan 1 00:00:00 1970
From: Matt Wilson
Subject: Re: Suggestion for merging xl save/restore/migrate/migrate-receive
Date: Wed, 2 Oct 2013 19:19:48 -0700
Message-ID: <20131003021948.GA29049@u109add4315675089e695.ant.amazon.com>
References: <523337AA.5080103@oracle.com> <5237291C.9090100@oracle.com> <21047.12251.625579.745154@mariner.uk.xensource.com> <523742B3.5040204@oracle.com> <523811E8.6080304@eu.citrix.com> <20130924164652.GC13979@phenom.dumpdata.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: George Dunlap
Cc: xen-devel, Zhigang Wang, Ian Jackson, Matt Wilson
List-Id: xen-devel@lists.xenproject.org

On Wed, Sep 25, 2013 at 11:06:29AM +0100, George Dunlap wrote:
> On Tue, Sep 24, 2013 at 5:46 PM, Konrad Rzeszutek Wilk wrote:
> >> >>>* In order to migrate a VM without user interactive, we have to configure ssh
> >> >>> keys for all Servers in a pool. Key management brings complexity.
> >> >>
> >> >>Surely your automated server deployment system can manage this ?
> >> >
> >> >Yes, we can.
> >> >
> >> >keys are states; we need to make sure they are always sync. Also after this,
> >> >all Servers in a pool can login to each other. I don't know whether it's
> >> >a security issue for our product.
> >> >
> >> >This is something we try to avoid at this time.
> >>
> >> ...so instead of allowing anyone on one of the hosts log in, you're
> >> going to allow anyone with access to the network to create a VM
> >> without any kind of authentication?
> >>
> >> From a security perspective, that doesn't really sound like an
> >> improvement...
> >>
> >
> > How did this work with 'xend' and its migration using SSL? Was it as
> > simple as this ?
>
> I have no idea -- Matt, do you know / would you care to take a look
> and find out (since you have expressed a willingness to maintain
> xend)?

It seems that you would just configure a ssl key file and cert file in
xend-config.sxp

http://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=0f26d15c

Zhigang: you wrote this code, correct?

--msw