Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure remote management with virtualization Daniel P. Berrangé.

Published byPeter Junior Hoover Modified over 7 years ago

Similar presentations

Presentation on theme: "Secure remote management with virtualization Daniel P. Berrangé."— Presentation transcript:

1 Secure remote management with virtualization Daniel P. Berrangé

2 libvirt: Background ● API for management of hypervisors ● Community (Red Hat, Fujitsu, Bull) ● Isolates apps from HV specific APIs ● Driver support for Xen, QEMU, KVM ● C, Python, Perl, shell APIs (virsh)

3 libvirt: Local Architecture

4 libvirt: Remote Management ● Local management unchanged ● Driver talks to remote libvirtd server ● XDR messaging protocol (rfc 1832) ● Layered over TLS 1.1 or tunnel SSH ● x509 certificate authentication ● Role based MAC with SELinux

5 libvirt: Remote Architecture

6 libvirt: Host Capabilities ● Supported architectures: x86, ppc, sparc ● Supported virt types: Xen, KVM, QEMU, KQEMU ● Supported OS types: Xen PV, HVM ● CPU capabilities: SVM, VMX, PAE

7 libvirt: Network Management ● Shared physical device / virtual network ● APIs to define virtual networks ● dnsmasq provides DHCP + DNS ● Isolated or NAT forwarding (iptables) ● Solve NetworkManager/Laptop case

8 libvirt: Storage Management ● Storage pool of file, partition, or lvm ● Enumeration volumes in pool ● Allocate virtual disks from pool ● Verify availability for migration ● POSIX (file), GpartD (partition), ??? (lvm)

9 libvirt: Graphics Console ● Xen, QEMU, KVM provide VNC server ● VNC unencrypted traffic, 'trivial' auth ● Goal for parity auth scheme with libvirt ● VeNCrypt extension adds TLS + x509 ● Port PV daemon to use QEMU VNC code ● GTK-VNC client supports VeNCrypt

10 libvirt: Text Console ● Xen, QEMU, KVM provide Pseudo-TTY ● Restricted to root on local machine ● QEMU provides UNIX/TCP socket access ● Goal for parity auth scheme with libvirt ● Existing tool ? Tunnel VNC / libvirt ?

11 http://libvirt.org/

12

Download ppt "Secure remote management with virtualization Daniel P. Berrangé."

Similar presentations

With ovirt & virt manager

With ovirt & virt manager
Content Overview Virtual Disk Port to Intel platform

Content Overview Virtual Disk Port to Intel platform
Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.

Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.
Seamless migration from Nova-network to Neutron in eBay production Chengyuan Li, Han Zhou.

Seamless migration from Nova-network to Neutron in eBay production Chengyuan Li, Han Zhou.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
NWCLUG 01/05/2010 Jared Moore Xen Open Source Virtualization.

NWCLUG 01/05/2010 Jared Moore Xen Open Source Virtualization.
1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.

1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.
Chapter 1 Introducing Windows Server 2012/R2

Chapter 1 Introducing Windows Server 2012/R2
Virtualization for Cloud Computing

Virtualization for Cloud Computing
LINUX Virtualization Running other code under LINUX.

LINUX Virtualization Running other code under LINUX.
SP2 Mikael Nystrom. Agenda Översikt Installation.

SP2 Mikael Nystrom. Agenda Översikt Installation.
Virtualization Performance H. Reza Taheri Senior Staff Eng. VMware.

Virtualization Performance H. Reza Taheri Senior Staff Eng. VMware.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Network+ Guide to Networks 6 th Edition Chapter 10 Virtual Networks and Remote Access.

Network+ Guide to Networks 6 th Edition Chapter 10 Virtual Networks and Remote Access.
Benefits: Increased server utilization Reduced IT TCO Improved IT agility.

Benefits: Increased server utilization Reduced IT TCO Improved IT agility.
COMP25212: Virtualization Learning Objectives: a)To describe aims of virtualization - in the context of similar aims in other software components b)To.

COMP25212: Virtualization Learning Objectives: a)To describe aims of virtualization - in the context of similar aims in other software components b)To.
Xen Virtualization Last Update 2011.01.01 1.0.0 1Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com.

Xen Virtualization Last Update Copyright 2011 Kenneth M. Chipps Ph.D.
A study of introduction of the virtualization technology into operator consoles T.Ohata, M.Ishii / SPring-8 ICALEPCS 2005, October 10-14, 2005 Geneva,

A study of introduction of the virtualization technology into operator consoles T.Ohata, M.Ishii / SPring-8 ICALEPCS 2005, October 10-14, 2005 Geneva,
1.4 Open source implement. Open source implement Open vs. Closed Software Architecture in Linux Systems Linux Kernel Clients and Daemon Servers Interface.

1.4 Open source implement. Open source implement Open vs. Closed Software Architecture in Linux Systems Linux Kernel Clients and Daemon Servers Interface.

Similar presentations

Ads by Google