cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohit Yadav (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-10333) Secure VM Live migration for KVM
Date Wed, 21 Mar 2018 08:26:00 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rohit Yadav updated CLOUDSTACK-10333:
-------------------------------------
    Description: 
With use of CA framework to secure hosts, the current mechanisms don't secure libvirtd to
use those certificates (used by agent to connect to mgmt server). This causes insecure vm
migration over tcp instead of tls. The aim is to use the same framework and certificates to
secure live VM migration. This could be coupled with securing of a host and renewal/provisioning
of certificates to host.

 

FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM

  was:With use of CA framework to secure hosts, the current mechanisms don't secure libvirtd
to use those certificates (used by agent to connect to mgmt server). This causes insecure
vm migration over tcp instead of tls. The aim is to use the same framework and certificates
to secure live VM migration. This could be coupled with securing of a host and renewal/provisioning
of certificates to host.


> Secure VM Live migration for KVM
> --------------------------------
>
>                 Key: CLOUDSTACK-10333
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Major
>             Fix For: 4.12.0.0, 4.11.1.0
>
>
> With use of CA framework to secure hosts, the current mechanisms don't secure libvirtd
to use those certificates (used by agent to connect to mgmt server). This causes insecure
vm migration over tcp instead of tls. The aim is to use the same framework and certificates
to secure live VM migration. This could be coupled with securing of a host and renewal/provisioning
of certificates to host.
>  
> FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message