Re: feature suggestion: migration network

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jan 10, 2013 at 02:00:57PM +0200, Dan Kenigsberg wrote:
> vdsm-vdsm and libvirt-libvirt communication is authenticated, but I am
> not sure at all that qemu-qemu communication is.
> 
> After qemu is sprung up on the destination with
>     -incoming <some ip>:<some port> , anything with access to that
> address could hijack the process. Our migrateURI starts with "tcp://"
> with all the consequences of this. That a good reason to make sure
> <some ip> has as limited access as possible.

The QEMU<->QEMU communication channel is neither authenticated or
encrypted, so if you are allowing migration directly over QEMU TCP
channels you have a requirement for a trusted, secure mgmt network
for this traffic.

If your network is not trusted, then currently the only alternative
is to make use of libvirt tunnelled migration.

I would like to see QEMU gain support for using TLS on its migration
sockets, so that you can have a secure QEMU<->QEMU path without needing
to tunnel via libvirtd.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]