Secure remote management with virtualization Daniel P. Berrangé.

Slides:

Advertisements

Similar presentations

With ovirt & virt manager

Advertisements

Content Overview Virtual Disk Port to Intel platform

Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.

Seamless migration from Nova-network to Neutron in eBay production Chengyuan Li, Han Zhou.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)

NWCLUG 01/05/2010 Jared Moore Xen Open Source Virtualization.

1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.

Chapter 1 Introducing Windows Server 2012/R2

Virtualization for Cloud Computing

LINUX Virtualization Running other code under LINUX.

SP2 Mikael Nystrom. Agenda Översikt Installation.

Virtualization Performance H. Reza Taheri Senior Staff Eng. VMware.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Network+ Guide to Networks 6 th Edition Chapter 10 Virtual Networks and Remote Access.

Benefits: Increased server utilization Reduced IT TCO Improved IT agility.

COMP25212: Virtualization Learning Objectives: a)To describe aims of virtualization - in the context of similar aims in other software components b)To.

Xen Virtualization Last Update Copyright 2011 Kenneth M. Chipps Ph.D.

A study of introduction of the virtualization technology into operator consoles T.Ohata, M.Ishii / SPring-8 ICALEPCS 2005, October 10-14, 2005 Geneva,

1.4 Open source implement. Open source implement Open vs. Closed Software Architecture in Linux Systems Linux Kernel Clients and Daemon Servers Interface.

Simplifying Resource Sharing in Voluntary Grid Computing with the Grid Appliance David Wolinsky Renato Figueiredo ACIS Lab University of Florida.

1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.

CSCE 815 Network Security Lecture 26 SSH and SSH Implementation April 24, 2003.

Reducing Trust Domain with TXT Daniel De Graaf. TXT overview Original TPM – Static Root of Trust – BIOS, all boot ROMs, bootloader, hypervisor, OS TPM.

MATSUMOTO Hitoshi SCSI support on Xen MATSUMOTO Hitoshi Fujitsu Ltd.

Библиотеки и фреймворки для построения клаудов Данилов Константин Mirantis koder-ua.blogspot.com.

1.4 Open source implement. Open source implement Open vs. Closed Software Architecture in Linux Systems Linux Kernel Clients and Daemon Servers Interface.

The Tech that supports the Net Net Tech for CBIS.

CEG 2400 FALL 2012 Chapter 10 Virtual Networks and Remote Access 1.

Workload Active directory BizTalk server DHCP DNS Dynamics Exchange server Fax server IIS Lync server RDS SharePoint server SQL System Center Visual.

Libvirt management Andrea Chierici Virtualization tutorial Catania 1-3 dicember 2010.

Introduction to KVM Andrea Chierici Virtualization tutorial Catania 1-3 dicember 2010.

E Virtual Machines Lecture 5 Network Virtualization Scott Devine VMware, Inc.

Encryption and Security Tools for IA Management Nick Hornick COSC 481 Spring 2007.

Unit 2 VIRTUALISATION. Unit 2 - Syllabus Basics of Virtualization Types of Virtualization Implementation Levels of Virtualization Virtualization Structures.

KVM tutorial #2 Andrea Chierici Virtualization tutorial Catania 1-3 dicember 2010.

Intro To Virtualization Mohammed Morsi

Open Source Virtualization Andrey Meganov RHCA, RHCX Consultant / VDEL

Virtualization in Fedora (KVM based) Kashyap Chamarthy Virtualization in Fedora (KVM based) Kashyap Chamarthy

Welcome to the Virtual Machine Mark Cyzyk The Sheridan Libraries Johns Hopkins University.

Daniel P. Berrangé Principal Software Engineer, Red Hat.

Taking full advantage of QEMU in Xen Daniel P. Berrange Xen Summit, November 2007.

10/2/2016 Secure Virtualization Using SELinux Daniel J Walsh

Daniel P. Berrangé KVM Forum Vancouver, libvirt: Why it exists ● Stable: isolation from HV API changes ● Standard: portable across HV ● Simple:

Andrea Chierici Virtualization tutorial Catania 1-3 dicember 2010

Virtualization Mini Summit, Austin 2008 mmm, tasty penguins...

Chapter 1 Introducing Windows Server 2012/R2

Virtualization for Cloud Computing

VMware ESX and ESXi Module 3.

Agenda Hardware Virtualization Concepts

Application Sandboxes

Blueprint of Persistent Infrastructure as a Service

London OpenStack Meetup, July 2012 libvirt & KVM with OpenStack Nova

Linux Containers Overview & Roadmap

Virtualization with libvirt Kashyap Chamarthy

Network Wiring and Reference

Virtualization overview

libvirt: Stable API Management of hypervisor(s)

An introduction... Mike Latimer Sr. Engineering Manager SUSE

Xen Summit Spring 2007 Platform Virtualization with XenEnterprise

Running other code under LINUX

Network Services, Cloud Computing, and Virtualization

Cloud Computing ISY143.

Network+ Guide to Networks 6th Edition

REDHAT LINUX Training Syllabus

* Introduction to Cloud computing * Introduction to OpenStack * OpenStack Design & Architecture * Demonstration of OpenStack Cloud.

Linux and TCP/IP Networking

Cengage Learning: Computer Networking from LANs to WANs

Network Security 4/21/2019 Raj Rajarajan.

Presentation transcript:

Secure remote management with virtualization Daniel P. Berrangé

libvirt: Background ● API for management of hypervisors ● Community (Red Hat, Fujitsu, Bull) ● Isolates apps from HV specific APIs ● Driver support for Xen, QEMU, KVM ● C, Python, Perl, shell APIs (virsh)

libvirt: Local Architecture

libvirt: Remote Management ● Local management unchanged ● Driver talks to remote libvirtd server ● XDR messaging protocol (rfc 1832) ● Layered over TLS 1.1 or tunnel SSH ● x509 certificate authentication ● Role based MAC with SELinux

libvirt: Remote Architecture

libvirt: Host Capabilities ● Supported architectures: x86, ppc, sparc ● Supported virt types: Xen, KVM, QEMU, KQEMU ● Supported OS types: Xen PV, HVM ● CPU capabilities: SVM, VMX, PAE

libvirt: Network Management ● Shared physical device / virtual network ● APIs to define virtual networks ● dnsmasq provides DHCP + DNS ● Isolated or NAT forwarding (iptables) ● Solve NetworkManager/Laptop case

libvirt: Storage Management ● Storage pool of file, partition, or lvm ● Enumeration volumes in pool ● Allocate virtual disks from pool ● Verify availability for migration ● POSIX (file), GpartD (partition), ??? (lvm)

libvirt: Graphics Console ● Xen, QEMU, KVM provide VNC server ● VNC unencrypted traffic, 'trivial' auth ● Goal for parity auth scheme with libvirt ● VeNCrypt extension adds TLS + x509 ● Port PV daemon to use QEMU VNC code ● GTK-VNC client supports VeNCrypt

libvirt: Text Console ● Xen, QEMU, KVM provide Pseudo-TTY ● Restricted to root on local machine ● QEMU provides UNIX/TCP socket access ● Goal for parity auth scheme with libvirt ● Existing tool ? Tunnel VNC / libvirt ?