Arg, hit send to quick.

*likely these problems would require some managed migration "thing" that would 
temporarily open the network access, issue temporary auth keys and the initiate 
the migration between the 2 hypervisors. Is this in your scope, to make this 
thing??

Sent from my really tiny device...

On Aug 25, 2013, at 2:42 PM, "Joshua Harlow" 
<harlo...@yahoo-inc.com<mailto:harlo...@yahoo-inc.com>> wrote:

Hi,

I think it's a good idea, can u describe more what would be different, would 
there be a new auth and live migration mechanism?

I think one of the problems at least yahoo has is that live migration requires 
all ssh keys to be on all hypervisors since hypervisors (libvirtd) open up the 
connection to the hypervisor to be migrated to. This is obviously bad, as any 
hacker if they can get out of a vm now can start issuing these migration 
requests. Also at yahoo we don't allow hypervisors to communicate openly to 
each other, this is protected at the network level. Would u be working on 
solutions to these problems (likely involving

Sent from my really tiny device...

On Aug 25, 2013, at 6:33 AM, "Naveed Ahmad" 
<12msccsnah...@seecs.edu.pk<mailto:12msccsnah...@seecs.edu.pk>> wrote:


thanks for replying Joshua,


VM migration is the process used to migrate vm from one physical server to 
another physical server due to many reasons like system maintenance, hardware 
failure ,

VM is important element in cloud as well, so we do same in the cloud. xen/kvm 
hypervisor used in the openstack dont provide security  in this process. i 
studied few paper on it  which are related to VM migration in DC instead of 
Cloud.   i also seen book on openstack security in which it is describe that 
xen/kvm could not provide security but libvirt can be used with xen/kvm to 
secure this process.

Currently libvirt is providing ssl for confidentiality of data between source 
and destination. and SASL for authentication. i want to add other 
authentication mechanism in it and in the end it would be added in the 
Dashboard of openstack so that administrator use it easily, Access control is 
also part of this thesis..


may you got my idea Mr. Joshua Harlow and now please comment on it. is it good 
or not? your comment will help me to choose good topic in cloud security,


Regards










On Sun, Aug 25, 2013 at 4:17 AM, Joshua Harlow 
<harlo...@yahoo-inc.com<mailto:harlo...@yahoo-inc.com>> wrote:
Is there any write up of what u want to do or is that not defined yet?

If u can write up some information I think that would help others provide 
feedback as well as help everyone (including yourself) see the goal too be 
accomplished. It's hard to tell what the desired outcome is otherwise, secure 
vm migration could mean a lot of things :)

Sent from my really tiny device...

On Aug 24, 2013, at 12:26 PM, "Naveed Ahmad" 
<12msccsnah...@seecs.edu.pk<mailto:12msccsnah...@seecs.edu.pk>> wrote:

>
>
> Hi all,
>
>
>
> I am doing thesis in cloud computing security domain, i selected to secure vm 
> migration  process in openstack.
> Please let me know about this idea. i have done some initial work on it. i 
> need comment of you people which will be helpful for me.
>
>
>
>
> Thanks and Regards
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to