[
https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rohit Yadav updated CLOUDSTACK-10333:
-------------------------------------
Description:
With use of CA framework to secure hosts, the current mechanisms don't secure
libvirtd to use those certificates (used by agent to connect to mgmt server).
This causes insecure vm migration over tcp instead of tls. The aim is to use
the same framework and certificates to secure live VM migration. This could be
coupled with securing of a host and renewal/provisioning of certificates to
host.
FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM
was:With use of CA framework to secure hosts, the current mechanisms don't
secure libvirtd to use those certificates (used by agent to connect to mgmt
server). This causes insecure vm migration over tcp instead of tls. The aim is
to use the same framework and certificates to secure live VM migration. This
could be coupled with securing of a host and renewal/provisioning of
certificates to host.
> Secure VM Live migration for KVM
> --------------------------------
>
> Key: CLOUDSTACK-10333
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> With use of CA framework to secure hosts, the current mechanisms don't secure
> libvirtd to use those certificates (used by agent to connect to mgmt server).
> This causes insecure vm migration over tcp instead of tls. The aim is to use
> the same framework and certificates to secure live VM migration. This could
> be coupled with securing of a host and renewal/provisioning of certificates
> to host.
>
> FS:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
