All,
With the introduction of a native CA framework in CloudStack, with 4.11+ it will be used to secure addition of KVM hosts and agents (cpvm, ssvm). However, the KVM host agent may be secured while it communicates to the management server, the live VM migration still happens on insecure tcp connection. It is proposed to re-use the existing mechanism introduced in 4.11 and re-use host certificates that are used to secure a KVM host to secure libvirt for allowing secured TLS-enabled VM migration. Further, the UI may be enhanced to discover unsecured KVM hosts and allow securing (or renewal/provisioning of certificates) through a button. Please find the FS for the proposed enhancement: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM - Rohit <https://cloudstack.apache.org> rohit.ya...@shapeblue.comĀ www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
