incubator-cloudstack-dev mailing list archives

From Alex Huang <Alex.Hu...@citrix.com>
Subject RE: [DISCUSS] Support for Intel TXT technology
Date Thu, 10 Jan 2013 13:27:44 GMT
Devdeep,

What you listed here are good starts to the requirements gathering.  Why not post them on
the wiki?

We do need to resolve the license issue though.

--Alex

> -----Original Message-----
> From: Devdeep Singh [mailto:devdeep.singh@citrix.com]
> Sent: Thursday, January 10, 2013 12:04 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> Hi Hari,
> 
> In point 3, I just want to bring out that CloudStack will have to be configured
> to talk to the attestation service. Is it correct to conclude that support needs
> to be added only for Intel attestation service?
> 
> Regards,
> Devdeep
> 
> > -----Original Message-----
> > From: Hari Kannan [mailto:hari.kannan@citrix.com]
> > Sent: Thursday, January 10, 2013 12:19 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: RE: [DISCUSS] Support for Intel TXT technology
> >
> > Hi Devdeep,
> >
> > What is the difference between 1 and 3 below? They look the same to me.
> >
> > These assumptions seem fair to me.
> >
> > I think the code name you refer to below for the attestation server is an Intel
> > internal codename - I'm not sure if we should be referring to it by this name.
> >
> > Hari
> >
> > -----Original Message-----
> > From: Devdeep Singh [mailto:devdeep.singh@citrix.com]
> > Sent: Wednesday, January 9, 2013 10:41 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: RE: [DISCUSS] Support for Intel TXT technology
> >
> > I would like to get some of the requirements cleared before working on the
> > FS. There were several assumptions made in the POC and they need to be
> > clarified.
> >
> > 1. CloudStack will have to talk to an attestation server to check if a host is
> > trusted or not. Is it correct to assume the attestation server, which can be a
> > virtual appliance, is not managed by CloudStack?
> > 2. The trust relation between the attestation server and hosts will be
> > established outside the scope of CloudStack. CloudStack will just check with
> > the attestation server whether a host is trusted or not.
> > 3. Intel attestation server is called Mt. Wilson. Anyone who is interested in
> > using the feature will have to set up the Mt. Wilson server and configure
> > CloudStack to talk to it.
> > 4. Mt. Wilson provides an API Client toolkit (jar files) for quick integration. I am
> > not sure how they are licensed, but if they are not compatible with the Apache
> > license, this feature will have to be under 'nonoss'.
> >
> > Regards,
> > Devdeep
> >
> > > -----Original Message-----
> > > From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
> > > Sent: Thursday, January 10, 2013 2:48 AM
> > > To: cloudstack-dev@incubator.apache.org
> > > Subject: RE: [DISCUSS] Support for Intel TXT technology
> > >
> > > Sure, Devdeep can provide the details
> > >
> > > > -----Original Message-----
> > > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > > Sent: Wednesday, January 09, 2013 1:00 PM
> > > > To: cloudstack-dev@incubator.apache.org
> > > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > > >
> > > > > On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <hari.kannan@citrix.com> wrote:
> > > > > Hi Chip,
> > > > >
> > > > > > I will let Animesh comment on the IP/repo stuff - regarding the
> > > > > > other 2 topics you raised
> > > > > >
> > > > > > - I wouldn't claim code at a "done" level yet - we did develop
> > > > > code to a sufficient level to demo, but it would need some more
> > > > > work for sure. It hadn't made it as part of any Citrix commercial
> > > > > product either - it was developed, showcased but hasn't yet seen
> > > > > the light of the day
> > > >
> > > > Understood...  so perhaps there isn't a design document.  Perhaps
> > > > the author of the code (not sure who it is) wouldn't mind adding
> > > > some basic design elements to the FS wiki page.  That will help the
> > > > community evaluate the inclusion of the donated code.
> > > >
> > > > > > - Regarding the XS part, it has been developed/tested only for XS
> > > > > > - however, the feature is not restricted for XS - in other words,
> > > > > > unlike the host updates, which was meant to be for XS only, this
> > > > > > feature eventually must support all hypervisors (or even baremetal
> > > > > > servers) - at this time, it has been developed for XS only..
> > > > >
> > > >
> > > > Excellent.  I'd like to see that reflected in the design / code as
> > > > well, but glad to hear it was a consideration!
> > > >
> > > > > Hari
> > > > >
> > > > > -----Original Message-----
> > > > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > > > Sent: Wednesday, January 9, 2013 12:52 PM
> > > > > To: cloudstack-dev@incubator.apache.org
> > > > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > > > >
> > > > > > On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <david@gnsa.us> wrote:
> > > > > >> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
> > > > > >> <animesh.chaturvedi@citrix.com> wrote:
> > > > > >>> This came in as I was following up on an action item from IRC today.
> > > > > >>> This feature is something that has already been developed before
> > > > > >>> ACS 4.0 and processes were formalized and also had been demonstrated
> > > > > >>> in public forums such as in Intel Developers Forum last Sept but
> > > > > >>> somehow missed getting filed.
> > > > > >>> Can we consider it as an exception and take it for 4.1?  I
> > > > > >>> understand we are a few days past cutoff,  I will ensure we are more
> > > > > >>> diligent in future.
> > > > >>>
> > > > >>> Animesh
> > > > >>
> > > > >>
> > > > >> Is the code already in the repo? Or was it developed externally?
> > > > >>
> > > > >
> > > > > > Good question.  My previous email made the assumption that it was
> > > > > > not currently in the project repo, but I could certainly be mistaken.
> > > > >
> > > > > -chip
> > > > >
