From mboxrd@z Thu Jan 1 00:00:00 1970 From: George Dunlap Subject: Re: Suggestion for merging xl save/restore/migrate/migrate-receive Date: Wed, 25 Sep 2013 11:06:29 +0100 Message-ID: References: <523337AA.5080103@oracle.com> <5237291C.9090100@oracle.com> <21047.12251.625579.745154@mariner.uk.xensource.com> <523742B3.5040204@oracle.com> <523811E8.6080304@eu.citrix.com> <20130924164652.GC13979@phenom.dumpdata.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20130924164652.GC13979@phenom.dumpdata.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Konrad Rzeszutek Wilk Cc: Zhigang Wang , Ian Jackson , Matt Wilson , xen-devel List-Id: xen-devel@lists.xenproject.org On Tue, Sep 24, 2013 at 5:46 PM, Konrad Rzeszutek Wilk wrote: >> >>>* In order to migrate a VM without user interactive, we have to configure ssh >> >>> keys for all Servers in a pool. Key management brings complexity. >> >> >> >>Surely your automated server deployment system can manage this ? >> > >> >Yes, we can. >> > >> >keys are states; we need to make sure they are always sync. Also after this, >> >all Servers in a pool can login to each other. I don't know whether it's >> >a security issue for our product. >> > >> >This is something we try to avoid at this time. >> >> ...so instead of allowing anyone on one of the hosts log in, you're >> going to allow anyone with access to the network to create a VM >> without any kind of authentication? >> >> From a security perspective, that doesn't really sound like an >> improvement... >> > > How did this work with 'xend' and its migration using SSL? Was it as > simple as this ? I have no idea -- Matt, do you know / would you care to take a look and find out (since you have expressed a willingness to maintain xend)? -George