<div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div><div></div>Hi,<br></div><br>I need some assistance. i am very confused in one thing of Openstack. How it manages VM's . i mean to say where i can find all files related to single VM . i have Vbox on my system and in the VM main folder i have 3 files and 1 folder. I have attached snapshot of it. <br>
<div>
<br></div><div>How can i see those files for VM in Openstack. I know it uses XEN/KVM hypervisor but where it store the VM all related files.<br><br></div><div>I tried to find it on Openstack but no success yet.<br><br></div>
<div>I would be very thankful to you <br></div><div><br></div><div>Regards<span class="HOEnZb"><font color="#888888"><br></font></span></div><span class="HOEnZb"><font color="#888888"><div>Naveed<br></div><div><br></div>
<div><br><br><br><br></div><div><br></div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">
On Wed, Oct 2, 2013 at 12:02 AM, Joshua Harlow <span dir="ltr"><<a href="mailto:harlowja@yahoo-inc.com" target="_blank">harlowja@yahoo-inc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="font-size:14px;font-family:Calibri,sans-serif;word-wrap:break-word">
<div>Sure, I'd like to hear about it :)</div>
<div><br>
</div>
<span>
<div style="border-right:medium none;padding-right:0in;padding-left:0in;padding-top:3pt;text-align:left;font-size:11pt;border-bottom:medium none;font-family:Calibri;border-top:#b5c4df 1pt solid;padding-bottom:0in;border-left:medium none">
<span style="font-weight:bold">From: </span>Naveed Ahmad <<a href="mailto:12msccsnahmad@seecs.edu.pk" target="_blank">12msccsnahmad@seecs.edu.pk</a>><br>
<span style="font-weight:bold">Date: </span>Tuesday, October 1, 2013 11:22 AM<div><div><br>
<span style="font-weight:bold">To: </span>Joshua Harlow <<a href="mailto:harlowja@yahoo-inc.com" target="_blank">harlowja@yahoo-inc.com</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [openstack-dev] Secure live VM migration in cloud (openstack)<br>
</div></div></div><div><div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">
<div>
<div>Hi<br>
</div>
Respected Sir,<br>
<br>
</div>
Hopefully you will be fine. previously i discussed with you about my thesis. can i share with you flow of secure live vm migration process w r t cloud . i almost completed the design that i will implement in libvirt/openstack.<br>
<br>
<br>
<div>
<div>
<div>Regards<br>
<br>
</div>
<div><br>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Aug 27, 2013 at 11:12 AM, Naveed Ahmad <span dir="ltr">
<<a href="mailto:12msccsnahmad@seecs.edu.pk" target="_blank">12msccsnahmad@seecs.edu.pk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div><br>
</div>
Sir i have seen openstack code yet and you are right , it is possible with nova. i will update you soon about my plan.<br>
<br>
</div>
Thanks for sharing useful links and thanks for nice discussion.<br>
<br>
<br>
</div>
Regards<br>
<br>
<div><br>
<br>
<br>
</div>
</div>
<div>
<div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Aug 27, 2013 at 9:29 AM, Joshua Harlow <span dir="ltr">
<<a href="mailto:harlowja@yahoo-inc.com" target="_blank">harlowja@yahoo-inc.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="font-size:14px;font-family:Calibri,sans-serif;word-wrap:break-word">
<div>Cool, so are u thinking about doing most of this at the openstack code level then or at the libvirt level??</div>
<div><br>
</div>
<div>I could see it being possible to do this in nova itself, or at a lower level in libvirt.</div>
<div><br>
</div>
<div>U might be interested in a wiki I made a while ago @ <a href="https://wiki.openstack.org/wiki/LiveMigrationWorkflows" target="_blank">https://wiki.openstack.org/wiki/LiveMigrationWorkflows</a></div>
<div><br>
</div>
<div>It might not be fully accurate, but u can likely determine the places u would need to change from that.</div>
<div><br>
</div>
<div>Also <a href="https://blueprints.launchpad.net/nova/+spec/unified-migrations" target="_blank">https://blueprints.launchpad.net/nova/+spec/unified-migrations</a> might be interesting to u.</div>
<div><br>
</div>
<span>
<div style="border-right:medium none;padding-right:0in;padding-left:0in;padding-top:3pt;text-align:left;font-size:11pt;border-bottom:medium none;font-family:Calibri;border-top:#b5c4df 1pt solid;padding-bottom:0in;border-left:medium none">
<span style="font-weight:bold">From: </span>Naveed Ahmad <<a href="mailto:12msccsnahmad@seecs.edu.pk" target="_blank">12msccsnahmad@seecs.edu.pk</a>><br>
<span style="font-weight:bold">Date: </span>Monday, August 26, 2013 9:04 PM<br>
<span style="font-weight:bold">To: </span>Joshua Harlow <<a href="mailto:harlowja@yahoo-inc.com" target="_blank">harlowja@yahoo-inc.com</a>>
<div>
<div><br>
<span style="font-weight:bold">Subject: </span>Re: [openstack-dev] Secure live VM migration in cloud (openstack)<br>
</div>
</div>
</div>
<div>
<div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">
<div>
<div>Respected Joshua Harlow,<br>
<br>
</div>
no i did not talk with libvirt team. but i have seen feature list of libvirt only and documentation of openstack.<br>
<br>
</div>
Regards<br>
<br>
<div>
<div>
<div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Aug 27, 2013 at 2:58 AM, Joshua Harlow <span dir="ltr">
<<a href="mailto:harlowja@yahoo-inc.com" target="_blank">harlowja@yahoo-inc.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div style="font-size:14px;font-family:Calibri,sans-serif;word-wrap:break-word">
<div>Hi,</div>
<div><br>
</div>
<div>Those ideas sounds pretty good to me. Although I'm not an expert in the security area, have u talked with the libvirt folks. I wonder if they have any of this planned?</div>
<div><br>
</div>
<span>
<div style="padding:3pt 0in 0in;text-align:left;font-size:11pt;border-width:1pt medium medium;border-style:solid none none;border-color:rgb(181,196,223) -moz-use-text-color -moz-use-text-color;font-family:Calibri">
<span style="font-weight:bold">From: </span>Naveed Ahmad <<a href="mailto:12msccsnahmad@seecs.edu.pk" target="_blank">12msccsnahmad@seecs.edu.pk</a>><br>
<span style="font-weight:bold">Reply-To: </span>OpenStack Development Mailing List <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Date: </span>Monday, August 26, 2013 11:10 AM<br>
<span style="font-weight:bold">To: </span>OpenStack Development Mailing List <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [openstack-dev] Secure live VM migration in cloud (openstack)<br>
</div>
<div>
<div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">
<div>
<div>
<div>
<div><span name="Joshua Harlow">Respected Joshua Harlow,<br>
<br>
</span></div>
<span name="Joshua Harlow">Thanks for reply,<br>
<br>
</span></div>
<span name="Joshua Harlow">Based on literature survey i found that following techniques are used for secure live migration of vm.<br>
<br>
</span></div>
<span name="Joshua Harlow">1. RSA with SSL protocol for authentication and encryption.</span><br>
As you mentioned earlier same problem is in RSA based authentication. we have to add public keys of all other hypervisors.<br>
</div>
<div><br>
</div>
<div>In Blackhat 2013, security research found vulnerability in SSL so it can be breakable in very short time.
<br>
</div>
<div>please check <br>
<a href="http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/" target="_blank">http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/</a><br>
<br>
</div>
<div>2. SSH is used for secure tunnel before live vm migration.<br>
<br>
</div>
<div>Authentication is not discussed, only secure tunnel is used to achieve confidentiality.<br>
<br>
</div>
<div>3. Openstack uses libvirtd with kvm to provide secure vm migration between src and dst machine.
<br>
</div>
<div>SSL is used for encrypted channel and SASL is used for authentication.<br>
<br>
<br>
<br>
</div>
<div>so i am interested to implement authentication level's in live vm migration.<br>
<br>
</div>
<div><a href="http://1.no" target="_blank">1.no</a> authentication<br>
</div>
<div>2. Certificate base<br>
</div>
<div>3.smart card based authentication<br>
<br>
</div>
<div>and similarly ssl provide secure channel but after that seaprate VLAN is used for vm migration traffic. if we use ipsec then we can achieve same goal on network layer to hide all communication of vm migration.<br>
<br>
<br>
<br>
</div>
<div>Regards<br>
</div>
<div>Naveed<br>
</div>
<div><br>
<br>
</div>
<div><br>
</div>
<div><br>
</div>
<span name="Joshua Harlow"><br>
</span>
<div>
<div><span name="Joshua Harlow"><br>
</span>
<div>
<div>
<div><span name="Joshua Harlow"><br>
</span></div>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Mon, Aug 26, 2013 at 2:44 AM, Joshua Harlow <span dir="ltr">
<<a href="mailto:harlowja@yahoo-inc.com" target="_blank">harlowja@yahoo-inc.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="auto">
<div>Arg, hit send to quick.</div>
<div><br>
</div>
<div>*likely these problems would require some managed migration "thing" that would temporarily open the network access, issue temporary auth keys and the initiate the migration between the 2 hypervisors. Is this in your scope, to make this thing??
<div><br>
<br>
Sent from my really tiny device...</div>
</div>
<div>
<div>
<div><br>
On Aug 25, 2013, at 2:42 PM, "Joshua Harlow" <<a href="mailto:harlowja@yahoo-inc.com" target="_blank">harlowja@yahoo-inc.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div>Hi,</div>
<div><br>
</div>
<div>I think it's a good idea, can u describe more what would be different, would there be a new auth and live migration mechanism? </div>
<div><br>
</div>
<div>I think one of the problems at least yahoo has is that live migration requires all ssh keys to be on all hypervisors since hypervisors (libvirtd) open up the connection to the hypervisor to be migrated to. This is obviously bad, as any hacker if they can
get out of a vm now can start issuing these migration requests. Also at yahoo we don't allow hypervisors to communicate openly to each other, this is protected at the network level. Would u be working on solutions to these problems (likely involving <br>
<br>
Sent from my really tiny device...</div>
<div><br>
On Aug 25, 2013, at 6:33 AM, "Naveed Ahmad" <<a href="mailto:12msccsnahmad@seecs.edu.pk" target="_blank">12msccsnahmad@seecs.edu.pk</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div dir="ltr">
<div>
<div><br>
</div>
thanks for replying <span name="Joshua Harlow">Joshua,<br>
<br>
<br>
</span></div>
<div><span name="Joshua Harlow">VM migration is the process used to migrate vm from one physical server to another physical server due to many reasons like system maintenance, hardware failure ,<br>
<br>
</span></div>
<div><span name="Joshua Harlow">VM is important element in cloud as well, so we do same in the cloud. xen/kvm hypervisor used in the openstack dont provide security in this process. i studied few paper on it which are related to VM migration in DC instead
of Cloud. i also seen book on openstack security in which it is describe that xen/kvm could not provide security but libvirt can be used with xen/kvm to secure this process.<br>
<br>
</span></div>
<div><span name="Joshua Harlow">Currently libvirt is providing ssl for confidentiality of data between source and destination. and SASL for authentication. i want to add other authentication mechanism in it and in the end it would be added in the Dashboard
of openstack so that administrator use it easily, Access control is also part of this thesis..<br>
<br>
<br>
</span></div>
<div><span name="Joshua Harlow">may you got my idea Mr. </span><span name="Joshua Harlow">Joshua Harlow and now please comment on it. is it good or not? your comment will help me to choose good topic in cloud security,<br>
<br>
</span></div>
<div><span name="Joshua Harlow"><br>
</span></div>
<div><span name="Joshua Harlow">Regards<br>
<br>
</span></div>
<div><span name="Joshua Harlow"><br>
<br>
</span></div>
<div><span name="Joshua Harlow"><br>
<br>
</span></div>
<div><span name="Joshua Harlow"><br>
<br>
<br>
</span></div>
<span name="Joshua Harlow"></span>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Sun, Aug 25, 2013 at 4:17 AM, Joshua Harlow <span dir="ltr">
<<a href="mailto:harlowja@yahoo-inc.com" target="_blank">harlowja@yahoo-inc.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Is there any write up of what u want to do or is that not defined yet?<br>
<br>
If u can write up some information I think that would help others provide feedback as well as help everyone (including yourself) see the goal too be accomplished. It's hard to tell what the desired outcome is otherwise, secure vm migration could mean a lot
of things :)<br>
<br>
Sent from my really tiny device...<br>
<div>
<div><br>
On Aug 24, 2013, at 12:26 PM, "Naveed Ahmad" <<a href="mailto:12msccsnahmad@seecs.edu.pk" target="_blank">12msccsnahmad@seecs.edu.pk</a>> wrote:<br>
<br>
><br>
><br>
> Hi all,<br>
><br>
><br>
><br>
> I am doing thesis in cloud computing security domain, i selected to secure vm migration process in openstack.<br>
> Please let me know about this idea. i have done some initial work on it. i need comment of you people which will be helpful for me.<br>
><br>
><br>
><br>
><br>
> Thanks and Regards<br>
><br>
><br>
</div>
</div>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> <a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>OpenStack-dev mailing list</span><br>
<span><a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a></span><br>
<span><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></span><br>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</span></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</span></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div></div></span>
</div>
</blockquote></div><br></div>
</div></div></div><br></div>