[pve-devel] Storage migration: online design solution

Michael Rasmussen mir at datanom.net
Wed Jan 9 19:09:58 CET 2013


On Wed, 9 Jan 2013 18:47:43 +0100
Michael Rasmussen <mir at datanom.net> wrote:

> 
> Only outstanding issue is about encryption. My proposal will be to have
> an option in the GUI for choosing to tunnel the migration through a ssh
> tunnel since this is already implemented in the current Proxmox code
> base? But I do think the default behavior should be the libvirt way
> which is without encryption. This is also, as I understand it, the way
> VmWare does it in vMotion.
> 
Thinking some harder makes me realize that this is not a easy task
since we have not hoke into the process where bits are transferred and
my first assumption of using a tunnel seems not that obvious unless we
use my solution with NBD. NBD can be tunnelled but will require some
more work. I need to investigate, as you also have pointed out, how we
can switch from NBD to the real image. Maybe it will require a new
drive-mirror iteration.

But then again why should we use encryption? I see no difference
between using a remote block device today and the way drive-mirror does
its job. And connections to remote block devices today is not encrypted
either.

-- 
Hilsen/Regards
Michael Rasmussen

Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
[The French Riviera is] a sunny place for shady people.
		-- Somerset Maugham
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20130109/723fb535/attachment.sig>


More information about the pve-devel mailing list