Devdeep, What you listed here are good starts to the requirements gathering. Why not post them on the wiki?
We do need to resolve the license issue though. --Alex > -----Original Message----- > From: Devdeep Singh [mailto:devdeep.si...@citrix.com] > Sent: Thursday, January 10, 2013 12:04 AM > To: cloudstack-dev@incubator.apache.org > Subject: RE: [DISCUSS] Support for Intel TXT technology > > Hi Hari, > > In point 3, I just want to bring out that CloudStack will have to be > configured > to talk to the attestation service. Is it correct to conclude that support > needs > to be added only for Intel attestation service? > > Regards, > Devdeep > > > -----Original Message----- > > From: Hari Kannan [mailto:hari.kan...@citrix.com] > > Sent: Thursday, January 10, 2013 12:19 PM > > To: cloudstack-dev@incubator.apache.org > > Subject: RE: [DISCUSS] Support for Intel TXT technology > > > > Hi Devdeep, > > > > What is the difference between 1 and 3 below? Look same to me. > > > > These assumptions seem fair to me. > > > > I think the code name you refer to below for the attestation server is Intel > > internal codename - I'm not sure if we should be referring by this name.. > > > > Hari > > > > -----Original Message----- > > From: Devdeep Singh [mailto:devdeep.si...@citrix.com] > > Sent: Wednesday, January 9, 2013 10:41 PM > > To: cloudstack-dev@incubator.apache.org > > Subject: RE: [DISCUSS] Support for Intel TXT technology > > > > I would like to get some of the requirements cleared before working on > the > > FS. There were several assumptions made in the POC and they need to be > > clarified. > > > > 1. CloudStack will have to talk to a attestation server to check if a host > > is > > trusted or not. Is it correct to assume the attestation server; which can > > be a > > virtual appliance; is not managed by CloudStack? > > 2. The trust relation between the attestation server and hosts will be > > established outside the scope of CloudStack. CloudStack will just check with > > the attestation server whether a host is trusted or not. > > 3. Intel attestation server is called Mt. Wilson. Anyone who is interested > > in > > using the feature will have to setup the Mt. Wilson server and configure > > CloudStack to talk to it. > > 4. Mt. Wilson provides an API Client toolkit (jar files) for quick > > integration. I > am > > not sure how they are licensed, but if they are not compatible with apache > > license, this feature will have be under 'nonoss'. > > > > Regards, > > Devdeep > > > > > -----Original Message----- > > > From: Animesh Chaturvedi [mailto:animesh.chaturv...@citrix.com] > > > Sent: Thursday, January 10, 2013 2:48 AM > > > To: cloudstack-dev@incubator.apache.org > > > Subject: RE: [DISCUSS] Support for Intel TXT technology > > > > > > Sure Devdeep can provide the details > > > > > > > -----Original Message----- > > > > From: Chip Childers [mailto:chip.child...@sungard.com] > > > > Sent: Wednesday, January 09, 2013 1:00 PM > > > > To: cloudstack-dev@incubator.apache.org > > > > Subject: Re: [DISCUSS] Support for Intel TXT technology > > > > > > > > On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <hari.kan...@citrix.com> > > > wrote: > > > > > Hi Chip, > > > > > > > > > > I will let Animesh comment on the IP/repo stuff - regarding the > > > > > other > > > > > 2 topics you raised > > > > > > > > > > - I wouldn't claim code at a "done" level yet - we did develop > > > > > code to a sufficient level to demo, but it would need some more > > > > > work for sure. It hadn't made it as part of any Citrix commercial > > > > > product either - it was developed, showcased but hasn't yet seen > > > > > the light of the day > > > > > > > > Understood... so perhaps there isn't a design document. Perhaps > > > > the author of the code (not sure who it is) wouldn't mind adding > > > > some basic design elements to the FS wiki page. That will help the > > > > community evaluate the inclusion of the donated code. > > > > > > > > > - Regarding the XS part, it has been developed/tested only for XS > > > > > - however, > > > > the feature is not restricted for XS - in other words, unlike the > > > > host updates, which was meant to be for XS only, this feature > > > > eventually must support all hypervisors (or even baremetal servers) > > > > - at this time, it has been developed for XS only.. > > > > > > > > > > > > > Excellent. I'd like to see that reflected in the design / code as > > > > well, but glad to hear it was a consideration! > > > > > > > > > Hari > > > > > > > > > > -----Original Message----- > > > > > From: Chip Childers [mailto:chip.child...@sungard.com] > > > > > Sent: Wednesday, January 9, 2013 12:52 PM > > > > > To: cloudstack-dev@incubator.apache.org > > > > > Subject: Re: [DISCUSS] Support for Intel TXT technology > > > > > > > > > > On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <da...@gnsa.us> wrote: > > > > >> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi > > > > >> <animesh.chaturv...@citrix.com> wrote: > > > > >>> This came in as I was following up on action item from IRC today. > > > > >>> This > > > > feature is something that has already been developed before ACS 4.0 > > > > and processes were formalized and also had been demonstrated in > > > > public forms such as in Intel Developers Forum last Sept but somehow > > > > missed > > > getting filed. > > > > Can we consider it as an exception and take it for 4.1. I > > > > understand we are few days past cutoff, I will ensure we are more > diligent > > in future. > > > > >>> > > > > >>> Animesh > > > > >> > > > > >> > > > > >> Is the code already in the repo? Or was it developed externally? > > > > >> > > > > > > > > > > Good question. My previous email made the assumption that it was > > > > > not > > > > currently in the project repo, but I could certainly be mistaken. > > > > > > > > > > -chip > > > > >
