incubator-cloudstack-dev mailing list archives

From Hari Kannan <hari.kan...@citrix.com>
Subject RE: [DISCUSS] Support for Intel TXT technology
Date Thu, 10 Jan 2013 06:48:46 GMT
Hi Devdeep,

What is the difference between 1 and 3 below? They look the same to me.

These assumptions seem fair to me.

I think the code name you refer to below for the attestation server is an Intel internal codename
- I'm not sure if we should be referring to it by this name.

Hari

-----Original Message-----
From: Devdeep Singh [mailto:devdeep.singh@citrix.com] 
Sent: Wednesday, January 9, 2013 10:41 PM
To: cloudstack-dev@incubator.apache.org
Subject: RE: [DISCUSS] Support for Intel TXT technology

I would like to get some of the requirements cleared before working on the FS. There were
several assumptions made in the POC and they need to be clarified.

1. CloudStack will have to talk to an attestation server to check if a host is trusted or not.
Is it correct to assume the attestation server, which can be a virtual appliance, is not managed
by CloudStack?
2. The trust relation between the attestation server and hosts will be established outside
the scope of CloudStack. CloudStack will just check with the attestation server whether a
host is trusted or not.
3. Intel attestation server is called Mt. Wilson. Anyone who is interested in using the feature
will have to set up the Mt. Wilson server and configure CloudStack to talk to it.
4. Mt. Wilson provides an API Client toolkit (jar files) for quick integration. I am not sure
how they are licensed, but if they are not compatible with the Apache license, this feature will
have to be under 'nonoss'.

Regards,
Devdeep

> -----Original Message-----
> From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
> Sent: Thursday, January 10, 2013 2:48 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> Sure Devdeep can provide the details
> 
> > -----Original Message-----
> > From: Chip Childers [mailto:chip.childers@sungard.com]
> > Sent: Wednesday, January 09, 2013 1:00 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: Re: [DISCUSS] Support for Intel TXT technology
> >
> > On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <hari.kannan@citrix.com> wrote:
> > > Hi Chip,
> > >
> > > > I will let Animesh comment on the IP/repo stuff - regarding the
> > > > other 2 topics you raised
> > > >
> > > > - I wouldn't claim code at a "done" level yet - we did develop
> > > code to a sufficient level to demo, but it would need some more 
> > > work for sure. It hadn't made it as part of any Citrix commercial 
> > > product either - it was developed, showcased but hasn't yet seen 
> > > the light of the day
> >
> > Understood...  so perhaps there isn't a design document.  Perhaps 
> > the author of the code (not sure who it is) wouldn't mind adding 
> > some basic design elements to the FS wiki page.  That will help the 
> > community evaluate the inclusion of the donated code.
> >
> > > > - Regarding the XS part, it has been developed/tested only for XS
> > > > - however, the feature is not restricted for XS - in other words,
> > > > unlike the host updates, which was meant to be for XS only, this
> > > > feature eventually must support all hypervisors (or even baremetal
> > > > servers) - at this time, it has been developed for XS only..
> > >
> >
> > Excellent.  I'd like to see that reflected in the design / code as 
> > well, but glad to hear it was a consideration!
> >
> > > Hari
> > >
> > > -----Original Message-----
> > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > Sent: Wednesday, January 9, 2013 12:52 PM
> > > To: cloudstack-dev@incubator.apache.org
> > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > >
> > > On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <david@gnsa.us> wrote:
> > >> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi 
> > >> <animesh.chaturvedi@citrix.com> wrote:
> > > >>> This came in as I was following up on an action item from IRC today.
> > > >>> This feature is something that has already been developed before
> > > >>> ACS 4.0 and processes were formalized and also had been
> > > >>> demonstrated in public forums such as in Intel Developers Forum
> > > >>> last Sept but somehow missed getting filed. Can we consider it as
> > > >>> an exception and take it for 4.1? I understand we are a few days
> > > >>> past cutoff, I will ensure we are more diligent in future.
> > >>>
> > >>> Animesh
> > >>
> > >>
> > >> Is the code already in the repo? Or was it developed externally?
> > >>
> > >
> > > > Good question.  My previous email made the assumption that it was
> > > > not currently in the project repo, but I could certainly be mistaken.
> > >
> > > -chip
> > >
