Hi, I need some assistance. i am very confused in one thing of Openstack. How it manages VM's . i mean to say where i can find all files related to single VM . i have Vbox on my system and in the VM main folder i have 3 files and 1 folder. I have attached snapshot of it.
How can i see those files for VM in Openstack. I know it uses XEN/KVM hypervisor but where it store the VM all related files. I tried to find it on Openstack but no success yet. I would be very thankful to you Regards Naveed On Wed, Oct 2, 2013 at 12:02 AM, Joshua Harlow <[email protected]>wrote: > Sure, I'd like to hear about it :) > > From: Naveed Ahmad <[email protected]> > Date: Tuesday, October 1, 2013 11:22 AM > > To: Joshua Harlow <[email protected]> > Subject: Re: [openstack-dev] Secure live VM migration in cloud (openstack) > > Hi > Respected Sir, > > Hopefully you will be fine. previously i discussed with you about my > thesis. can i share with you flow of secure live vm migration process w r > t cloud . i almost completed the design that i will implement in > libvirt/openstack. > > > Regards > > > > > On Tue, Aug 27, 2013 at 11:12 AM, Naveed Ahmad <[email protected] > > wrote: > >> >> Sir i have seen openstack code yet and you are right , it is possible >> with nova. i will update you soon about my plan. >> >> Thanks for sharing useful links and thanks for nice discussion. >> >> >> Regards >> >> >> >> >> >> >> On Tue, Aug 27, 2013 at 9:29 AM, Joshua Harlow <[email protected]>wrote: >> >>> Cool, so are u thinking about doing most of this at the openstack code >>> level then or at the libvirt level?? >>> >>> I could see it being possible to do this in nova itself, or at a lower >>> level in libvirt. >>> >>> U might be interested in a wiki I made a while ago @ >>> https://wiki.openstack.org/wiki/LiveMigrationWorkflows >>> >>> It might not be fully accurate, but u can likely determine the places >>> u would need to change from that. >>> >>> Also https://blueprints.launchpad.net/nova/+spec/unified-migrations might >>> be interesting to u. >>> >>> From: Naveed Ahmad <[email protected]> >>> Date: Monday, August 26, 2013 9:04 PM >>> To: Joshua Harlow <[email protected]> >>> >>> Subject: Re: [openstack-dev] Secure live VM migration in cloud >>> (openstack) >>> >>> Respected Joshua Harlow, >>> >>> no i did not talk with libvirt team. but i have seen feature list of >>> libvirt only and documentation of openstack. >>> >>> Regards >>> >>> >>> >>> On Tue, Aug 27, 2013 at 2:58 AM, Joshua Harlow >>> <[email protected]>wrote: >>> >>>> Hi, >>>> >>>> Those ideas sounds pretty good to me. Although I'm not an expert in >>>> the security area, have u talked with the libvirt folks. I wonder if they >>>> have any of this planned? >>>> >>>> From: Naveed Ahmad <[email protected]> >>>> Reply-To: OpenStack Development Mailing List < >>>> [email protected]> >>>> Date: Monday, August 26, 2013 11:10 AM >>>> To: OpenStack Development Mailing List < >>>> [email protected]> >>>> Subject: Re: [openstack-dev] Secure live VM migration in cloud >>>> (openstack) >>>> >>>> Respected Joshua Harlow, >>>> >>>> Thanks for reply, >>>> >>>> Based on literature survey i found that following techniques are used >>>> for secure live migration of vm. >>>> >>>> 1. RSA with SSL protocol for authentication and encryption. >>>> As you mentioned earlier same problem is in RSA based authentication. >>>> we have to add public keys of all other hypervisors. >>>> >>>> In Blackhat 2013, security research found vulnerability in SSL so it >>>> can be breakable in very short time. >>>> please check >>>> >>>> http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/ >>>> >>>> 2. SSH is used for secure tunnel before live vm migration. >>>> >>>> Authentication is not discussed, only secure tunnel is used to >>>> achieve confidentiality. >>>> >>>> 3. Openstack uses libvirtd with kvm to provide secure vm migration >>>> between src and dst machine. >>>> SSL is used for encrypted channel and SASL is used for >>>> authentication. >>>> >>>> >>>> >>>> so i am interested to implement authentication level's in live vm >>>> migration. >>>> >>>> 1.no authentication >>>> 2. Certificate base >>>> 3.smart card based authentication >>>> >>>> and similarly ssl provide secure channel but after that seaprate VLAN >>>> is used for vm migration traffic. if we use ipsec then we can achieve same >>>> goal on network layer to hide all communication of vm migration. >>>> >>>> >>>> >>>> Regards >>>> Naveed >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Mon, Aug 26, 2013 at 2:44 AM, Joshua Harlow >>>> <[email protected]>wrote: >>>> >>>>> Arg, hit send to quick. >>>>> >>>>> *likely these problems would require some managed migration "thing" >>>>> that would temporarily open the network access, issue temporary auth keys >>>>> and the initiate the migration between the 2 hypervisors. Is this in your >>>>> scope, to make this thing?? >>>>> >>>>> >>>>> Sent from my really tiny device... >>>>> >>>>> On Aug 25, 2013, at 2:42 PM, "Joshua Harlow" <[email protected]> >>>>> wrote: >>>>> >>>>> Hi, >>>>> >>>>> I think it's a good idea, can u describe more what would be >>>>> different, would there be a new auth and live migration mechanism? >>>>> >>>>> I think one of the problems at least yahoo has is that live >>>>> migration requires all ssh keys to be on all hypervisors since hypervisors >>>>> (libvirtd) open up the connection to the hypervisor to be migrated to. >>>>> This >>>>> is obviously bad, as any hacker if they can get out of a vm now can start >>>>> issuing these migration requests. Also at yahoo we don't allow hypervisors >>>>> to communicate openly to each other, this is protected at the network >>>>> level. Would u be working on solutions to these problems (likely involving >>>>> >>>>> Sent from my really tiny device... >>>>> >>>>> On Aug 25, 2013, at 6:33 AM, "Naveed Ahmad" < >>>>> [email protected]> wrote: >>>>> >>>>> >>>>> thanks for replying Joshua, >>>>> >>>>> >>>>> VM migration is the process used to migrate vm from one physical >>>>> server to another physical server due to many reasons like system >>>>> maintenance, hardware failure , >>>>> >>>>> VM is important element in cloud as well, so we do same in the >>>>> cloud. xen/kvm hypervisor used in the openstack dont provide security in >>>>> this process. i studied few paper on it which are related to VM migration >>>>> in DC instead of Cloud. i also seen book on openstack security in which >>>>> it is describe that xen/kvm could not provide security but libvirt can be >>>>> used with xen/kvm to secure this process. >>>>> >>>>> Currently libvirt is providing ssl for confidentiality of data >>>>> between source and destination. and SASL for authentication. i want to add >>>>> other authentication mechanism in it and in the end it would be added in >>>>> the Dashboard of openstack so that administrator use it easily, Access >>>>> control is also part of this thesis.. >>>>> >>>>> >>>>> may you got my idea Mr. Joshua Harlow and now please comment on it. >>>>> is it good or not? your comment will help me to choose good topic in cloud >>>>> security, >>>>> >>>>> >>>>> Regards >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Sun, Aug 25, 2013 at 4:17 AM, Joshua Harlow <[email protected] >>>>> > wrote: >>>>> >>>>>> Is there any write up of what u want to do or is that not defined yet? >>>>>> >>>>>> If u can write up some information I think that would help others >>>>>> provide feedback as well as help everyone (including yourself) see the >>>>>> goal >>>>>> too be accomplished. It's hard to tell what the desired outcome is >>>>>> otherwise, secure vm migration could mean a lot of things :) >>>>>> >>>>>> Sent from my really tiny device... >>>>>> >>>>>> On Aug 24, 2013, at 12:26 PM, "Naveed Ahmad" < >>>>>> [email protected]> wrote: >>>>>> >>>>>> > >>>>>> > >>>>>> > Hi all, >>>>>> > >>>>>> > >>>>>> > >>>>>> > I am doing thesis in cloud computing security domain, i selected to >>>>>> secure vm migration process in openstack. >>>>>> > Please let me know about this idea. i have done some initial work >>>>>> on it. i need comment of you people which will be helpful for me. >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > Thanks and Regards >>>>>> > >>>>>> > >>>>>> > _______________________________________________ >>>>>> > OpenStack-dev mailing list >>>>>> > [email protected] >>>>>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>>> >>>>>> _______________________________________________ >>>>>> OpenStack-dev mailing list >>>>>> [email protected] >>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>>> >>>>> >>>>> _______________________________________________ >>>>> OpenStack-dev mailing list >>>>> [email protected] >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>> >>>>> >>>>> _______________________________________________ >>>>> OpenStack-dev mailing list >>>>> [email protected] >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>> >>>>> >>>> >>> >> >
<<attachment: rest.png>>
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
