
we are subject to PCI-DSS. I have some questions. We currently have setup oVirt 
in our environnement.
We created 2 Datacenter.
- one with a cluster with hosted engine on gluster (Hyperconverged env) which 
represents the "LAN" part
- one with a cluster with gluster storage wich is the DMZ

In PCI-DSS we have to secure communication (use HTTPs as much as possible). I 
did saw that ovirt-ha-agent (on hosted-engine capable host) check the status of 
the engine by sending GET request on the hosted-engine on port 80 (the same 
check that hosted-engine --vm-status did in fact). 
Since ovirt 4.2.2, with the introduction of gluster eventing, a new flow (HTTP 
post resquest) is needed from gluster nodes to the engine. (In my case, it's a 
flow from the DMZ to the LAN part in HTTP (non secure)

Here is my question. Is it possible to "hardering" this part of the engine ?

Another question out of PCI scope. Events like warning and error in the 
dashboard are clean each days. I tried to find which process did that (look 
into /etc/cron.daily, root crontab, etc) on the engine
without succes. Is there any maintenance task that is run periodicaly ? Could 
we have the list of all the engine's task ? (regulary check the status of host, 
vm, storage) also the frequency ?

I would appreciate the help. (Great great product ovirt !) Thank you for your 
jobs ! We did manage KVM hypervisor as standalone machine without all the power 
that libvirt provides. No need to spend lot of money into licencing product 
(VSphere and co)
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org

Reply via email to