> From: libvir-list-bounces@xxxxxxxxxx [mailto:libvir-list- > bounces@xxxxxxxxxx] On Behalf Of Chris Lalancette ... > 2) virsh on the controller connects to the src, and initiates the > migration > command. In turn, this causes the controller to also connect to the > dst. Now, > during the "Prepare" step on the dst, we setup a qemu container to > listen to > some port (call it 1234) on localhost. It also forks an external > program (or a > thread) to listen for an incoming gnutls connection. Next, the > "Perform" step > is call on the src machine. This forks an external program (or thread) > to > listen for incoming data from a localhost migration, do the gnutls > handshake > with the dst, and dump the data over the gnutls connection to the dst. [IH] how is the connection secured? Do you assume both hosts share Kerberos/certificates trust? Does the controller pass a shared encryption key to both parties? (I also like this approach better, since it keeps the existing qemu migration, which is hard enough to stabilize) -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list