incubator-cloudstack-dev mailing list archives

From Devdeep Singh <devdeep.si...@citrix.com>
Subject RE: [DISCUSS] Support for Intel TXT technology
Date Thu, 10 Jan 2013 08:04:17 GMT
Hi Hari,

In point 3, I just want to bring out that CloudStack will have to be configured to talk to
the attestation service. Is it correct to conclude that support needs to be added only for
Intel attestation service?

Regards,
Devdeep

> -----Original Message-----
> From: Hari Kannan [mailto:hari.kannan@citrix.com]
> Sent: Thursday, January 10, 2013 12:19 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> Hi Devdeep,
> 
> What is the difference between 1 and 3 below? They look the same to me.
> 
> These assumptions seem fair to me.
> 
> I think the code name you refer to below for the attestation server is an Intel
> internal codename - I'm not sure if we should be referring to it by this name.
> 
> Hari
> 
> -----Original Message-----
> From: Devdeep Singh [mailto:devdeep.singh@citrix.com]
> Sent: Wednesday, January 9, 2013 10:41 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> I would like to get some of the requirements cleared before working on the
> FS. There were several assumptions made in the POC and they need to be
> clarified.
> 
> 1. CloudStack will have to talk to an attestation server to check if a host is
> trusted or not. Is it correct to assume the attestation server, which can be a
> virtual appliance, is not managed by CloudStack?
> 2. The trust relation between the attestation server and hosts will be
> established outside the scope of CloudStack. CloudStack will just check with
> the attestation server whether a host is trusted or not.
> 3. Intel attestation server is called Mt. Wilson. Anyone who is interested in
> using the feature will have to set up the Mt. Wilson server and configure
> CloudStack to talk to it.
> 4. Mt. Wilson provides an API Client toolkit (jar files) for quick integration. I am
> not sure how they are licensed, but if they are not compatible with the Apache
> license, this feature will have to be under 'nonoss'.
> 
> Regards,
> Devdeep
> 
> > -----Original Message-----
> > From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
> > Sent: Thursday, January 10, 2013 2:48 AM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: RE: [DISCUSS] Support for Intel TXT technology
> >
> > Sure Devdeep can provide the details
> >
> > > -----Original Message-----
> > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > Sent: Wednesday, January 09, 2013 1:00 PM
> > > To: cloudstack-dev@incubator.apache.org
> > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > >
> > > On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <hari.kannan@citrix.com> wrote:
> > > > Hi Chip,
> > > >
> > > > I will let Animesh comment on the IP/repo stuff - regarding the
> > > > other 2 topics you raised
> > > >
> > > > - I wouldn't claim code at a "done" level yet - we did develop
> > > > code to a sufficient level to demo, but it would need some more
> > > > work for sure. It hadn't made it as part of any Citrix commercial
> > > > product either - it was developed, showcased but hasn't yet seen
> > > > the light of the day
> > >
> > > Understood...  so perhaps there isn't a design document.  Perhaps
> > > the author of the code (not sure who it is) wouldn't mind adding
> > > some basic design elements to the FS wiki page.  That will help the
> > > community evaluate the inclusion of the donated code.
> > >
> > > > - Regarding the XS part, it has been developed/tested only for XS
> > > > - however, the feature is not restricted for XS - in other words, unlike the
> > > > host updates, which was meant to be for XS only, this feature
> > > > eventually must support all hypervisors (or even baremetal servers)
> > > > - at this time, it has been developed for XS only..
> > > >
> > >
> > > Excellent.  I'd like to see that reflected in the design / code as
> > > well, but glad to hear it was a consideration!
> > >
> > > > Hari
> > > >
> > > > -----Original Message-----
> > > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > > Sent: Wednesday, January 9, 2013 12:52 PM
> > > > To: cloudstack-dev@incubator.apache.org
> > > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > > >
> > > > On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <david@gnsa.us> wrote:
> > > >> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
> > > >> <animesh.chaturvedi@citrix.com> wrote:
> > > > >>> This came in as I was following up on action item from IRC today.
> > > > >>> This feature is something that has already been developed before ACS 4.0
> > > > >>> and processes were formalized and also had been demonstrated in
> > > > >>> public forums such as in Intel Developers Forum last Sept but somehow
> > > > >>> missed getting filed.
> > > > >>> Can we consider it as an exception and take it for 4.1. I
> > > > >>> understand we are few days past cutoff, I will ensure we are more diligent
> > > > >>> in future.
> > > >>>
> > > >>> Animesh
> > > >>
> > > >>
> > > >> Is the code already in the repo? Or was it developed externally?
> > > >>
> > > >
> > > > > Good question.  My previous email made the assumption that it was
> > > > > not currently in the project repo, but I could certainly be mistaken.
> > > >
> > > > -chip
> > > >
