Hi Manasa, My comments are inline.
Regards,
Devdeep

> -----Original Message-----
> From: Manasa Veloori (3P) [mailto:manasa.velo...@citrix.com]
> Sent: Wednesday, May 08, 2013 5:16 PM
> To: cloudstack-...@incubator.apache.org
> Subject: [DISCUSS]Support for intel TXT technology
>
> http://comments.gmane.org/gmane.comp.apache.cloudstack.devel/8118
>
> Hi All,
>
> Just as a continuation of the discussion regarding the support of Intel TXT
> for CloudStack, I have a few questions.
>
> 1. Suppose we have the XenServer 6.0 host running the trust agent and it is
> registered with the attestation server, and now we want to upgrade it to
> XenServer 6.1. How does the attestation server handle this situation?

[Devdeep] If a hypervisor is upgraded, the host will have to be re-registered with the attestation server.

> 2. Suppose I have a host which is not registered with the attestation server,
> and as an admin I have changed the tag of the host to 'Trusted-host' (the
> default tag for a trusted host). Now when I am trying to register the host,
> how will the attestation server handle it?

[Devdeep] Tags are a CloudStack concept and the attestation server isn't aware of them. Even if a host is tagged, when CloudStack connects to a host it checks with the attestation server whether the host is trusted or not. If the host is found to be untrusted, any 'Trusted-host' tag (or any other tag if the default has been updated) is removed from the host. If the host is found to be trusted, it is tagged appropriately.

> 3. If the trust agent is not running on the host and we add that host to the
> registered zone, will it throw any exception?

[Devdeep] If a trust agent isn't running on the host, the trust assertions can be established for the host and the host will not be tagged as a trusted host.

> 4. Do we have to explicitly register the host with the attestation server
> prior to adding it to CloudStack, or will it automatically get registered
> when we add the host to CloudStack?

[Devdeep] The host will not be automatically registered with the attestation server. It will have to be registered with the registerHostWithAttestionServer API after it has been added to CloudStack.

> 5. How does CloudStack handle the situation when the attestation server goes
> down, i.e., CloudStack already has some trusted hosts and now the user wants
> to deploy an instance on a trusted host but the attestation server is down?

[Devdeep] CloudStack checks with the attestation server whether a host is trusted or not only when it connects with the host. If a host is trusted, it is tagged accordingly. When a deploy VM request is handled, CloudStack doesn't check again with the attestation server. The tags on the host are used for servicing the deploy VM on trusted host request.

> Thanks,
> Manasa
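
The tagging behaviour described in the replies to questions 2 and 5, modelled as an added example that is not part of the original message and is not CloudStack code. The class and method names are hypothetical, the host names and verdicts are constructed, and it assumes an unregistered host is reported as untrusted.

```python
TRUSTED_TAG = "Trusted-host"  # default tag name given in the thread

class AttestationServer:  # hypothetical stand-in, not the real server's API
    def __init__(self):
        self.verdicts = {}  # host -> True/False; constructed sample data
        self.up = True
        self.queries = 0

    def is_trusted(self, host):
        if not self.up:
            raise ConnectionError("attestation server unreachable")
        self.queries += 1
        # Assumption: a host that was never registered is reported as untrusted.
        return self.verdicts.get(host, False)

class Cloud:  # hypothetical model of the management server's tagging logic
    def __init__(self, attestation):
        self.attestation = attestation
        self.tags = {}  # host -> set of tags

    def add_host(self, host, tags=()):
        self.tags[host] = set(tags)

    def on_host_connect(self, host):
        # The only point where the attestation server is consulted.
        if self.attestation.is_trusted(host):
            self.tags[host].add(TRUSTED_TAG)
        else:
            self.tags[host].discard(TRUSTED_TAG)  # removes a hand-set tag too

    def deploy_on_trusted_host(self):
        # Placement reads host tags only; no attestation query happens here.
        candidates = sorted(h for h, t in self.tags.items() if TRUSTED_TAG in t)
        return candidates[0] if candidates else None

def demo():
    srv = AttestationServer()
    cloud = Cloud(srv)
    srv.verdicts["host-a"] = True                 # registered and attested
    cloud.add_host("host-a")
    cloud.add_host("host-b", tags=[TRUSTED_TAG])  # tagged by hand, never registered
    for h in ("host-a", "host-b"):
        cloud.on_host_connect(h)
    after_connect = {h: TRUSTED_TAG in t for h, t in cloud.tags.items()}
    srv.verdicts["host-a"] = False                # verdict changes after connect
    srv.up = False                                # question 5: server goes down
    placed = cloud.deploy_on_trusted_host()       # still served from the stale tag
    return after_connect, placed, srv.queries
```

Because the verdict is cached as a tag at connect time, a trusted deployment can land on a host whose attestation status has since changed; the tag is only corrected the next time the host connects.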