----- Original Message -----
> From: "Mark Wu" <[email protected]>
> To: "Caitlin Bestler" <[email protected]>
> Cc: "Michal Skrivanek" <[email protected]>, [email protected]
> Sent: Friday, January 11, 2013 1:05:10 AM
> Subject: Re: tunnelled migration
>
> On 01/11/2013 04:14 AM, Caitlin Bestler wrote:
> > Dan Kenigsberg wrote:
> >
> >> Choosing tunnelled migration is thus a matter of policy. I would
> >> like to suggest a new cluster-level configurable in Engine,
> >> that controls whether migrations in this cluster are tunnelled.
> >> The configurable must be available only in new cluster levels
> >> where hosts support it.
> >
> > Why not just dump this issue to network configuration?
> >
> > Migrations occur over a secure network. That security could be
> > provided by port groups, VLANs or encrypted tunnels.
>
> Agreed. Is a separate vlan network not secure enough? If yes, we
> could build a virtual encrypted network, like using openvpn + iptables.

While I agree that a vlan should be enough, and that's their purpose, we've learned from downstream customers that this isn't enough and their security teams require all traffic to be encrypted.

> > _______________________________________________
> > Arch mailing list
> > [email protected]
> > http://lists.ovirt.org/mailman/listinfo/arch
