migration questions

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

migration questions

Alan Greenspan
Is there a plan for adding security to migration?  It appears that one can push a domain to any Xen enabled host on the same subnet, thus gaining access to its block devices, etc on the destination host.   It would be reasonable to have a xen.hosts.migrate.allow type file to grant access to hosts wishing to migrate domains into the local machine.
 
It might be useful to have "pre-migrate" mechanism that would validate the resources necessary to migrate a domain.   This might send the domain config to the remote host and receive a descriptor detailing the load on the host and the viability of mem/devices needed to perform the migrate.   This would help build clustering capabilities where a migration choice could be made based on load/resources.
 
After a successful migrate, there appears to be no persisted domain config on the destination.   Seems like there should be a means to have the destination persist the config automatically on a successful migration, so that on host reboot or failure/recovery of the destination host, the migrated domain config is available.   Without an automatic persist of the config, there might be a window where a domain could be lost (crash before an admin has a chance to observe the successful migrate and can extract or copy the config to the destination).

_______________________________________________
Xen-users mailing list
[hidden email]
http://lists.xensource.com/xen-users