Making Migration More Secure
John Shackleton
Adventium Labs
August 25, 2016

8/16/16 © Adventium Labs 2016
Approved for Public Release; Distribution Unlimited: 88ABW-2016-3682 & 20160726

This material is based upon work supported by the United States Air Force under Contract No. FA8750-10-D-0197/0012. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author and do not necessarily reflect the views of the United States Air Force.

Live Migration

[Diagram labels: Hypervisor, Guest VM, Hypervisor; Server A, Server B]

•  Perhaps most fundamental of cloud operations.
•  Focus has been on FAST and RELIABLE.

Putting efficiency above security may ultimately lead to reduced efficiency.

Different Storage Configurations

[Diagram: four panels, each with Server A, Server B and a VM: Shared Disk, Replicated Disk, Remote Referencing, Shared Nothing. Other labels: NBD, COPY]

Basic Migration Process

[Diagram labels: Server A, Server B]

1) Create mirror
2) Pause VM
3) Transfer State and Metadata
4) Resume VM
5) Remove mirror
6) Release old VM footprint

Advanced Cyberattack Examples

•  Spoofing: Mimicking a server to gain unauthorized access.
•  Thrashing: A sophisticated DOS attack.
•  Smash and Grab: Forcing source or destination VM image into a bad state.
•  Bait and Switch: Creating a deliberate failure to create shadow copy of the source VM.

[Diagram labels: Server A, Server B]

Many attacks seek to disrupt the system or exfiltrate information.

Other Migration Challenges

[Diagram: Server A and Server B, each with a Hypervisor; Guest VM, Storage Domain, Network Domain. Callouts: MAC Policy, Crypto Keys, Deletion Certainty, Migration Policy]

Migration of Service Domains

[Diagram labels: Hypervisor, Storage Domain, Network Domain, Guest VM, disk, NIC, Device Pass-through]

There is a need to support group migrations or refined pre/post migration customization

Details of Migration and Device Pass-Through

[Diagram labels: XenServer, Hypervisor, Dom0, Storage Domain, VM, Virtual Disk, Physical Storage, PCI pass-through, Storage Repository, Physical Block Device, Guest VM, Storage Driver Domain UUID, Storage Repository UUID. Callouts: Reference Maintained in Migration, Reference Broken in Migration]

Migration of Crypto Keys

[Diagram labels: Hypervisor, Storage Domain, Network Domain, Guest VM. Callout: Crypto Keys ?]

There is no industry standard for key management, and hence no industry standard for key migration.

•  Networked key management (KMIP)
•  Local certificate authorities
•  Migrate local keys with the VM
•  Manual key management
•  vTPM migration

Migration of MAC Policies

[Diagram labels: Hypervisor, Storage Domain, Network Domain, Guest VM. Callout: MAC policy ?]

XSM Policies must be written to enforce authorized migration and to accommodate migrating guests.

•  XSM policies are static.
•  Consequently XSM policies must be well designed and consistent between servers (and server pools).
•  Run-time enforcement of consistent policies is advantageous.
•  It is largely the administrator’s responsibility to coordinate XSM policies of migrating VMs.

Extensions to Xen-based Migration that Would Enhance Security

•  Customization: Support pre- and post-migration scripts to handle specific device pass-through issues.
•  MAC Policy Enforcement: At both source and destination servers, enforce defined policies regarding who can move which VMs.
•  Group Migrations: Handle groups of VMs together to support associated service VMs.
•  Atomicity and Robust Error Handling: Provide comprehensive roll-back if errors occur during migration.
•  Deletion Certainty: Provide option to zeroize contents and associated data of source VM footprint to ensure security.
•  Migration Policy: At both source and destination servers, support defined policies regarding when and where a VM is allowed to migrate.
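
Three of the extensions listed above (policy checks at both servers, comprehensive roll-back, deletion certainty) applied to the six-step basic migration process, as an added example that is not from the slides and is not Xen or XenServer code. It is an in-memory simulation; Host, Policy, migrate, fail_at, demo_hosts and the sample data are hypothetical names constructed for illustration.

```python
# Hypothetical in-memory model of the six-step process; not Xen or XenServer code.
from dataclasses import dataclass, field


class MigrationDenied(Exception):
    """Source or destination policy refused the move."""


@dataclass
class Policy:
    movers: dict                  # VM name -> operators allowed to move it
    peers: set                    # servers this host will migrate with
    hours: range = range(0, 24)   # hours of day when migration is allowed

    def check(self, operator, vm, peer, hour):
        if operator not in self.movers.get(vm, ()):
            raise MigrationDenied(f"{operator} may not move {vm}")
        if peer not in self.peers:
            raise MigrationDenied(f"{peer} is not an approved peer")
        if hour not in self.hours:
            raise MigrationDenied(f"hour {hour} is outside the window")


@dataclass
class Host:
    name: str
    policy: Policy
    disk: dict = field(default_factory=dict)    # VM -> bytearray disk image
    memory: dict = field(default_factory=dict)  # VM -> bytearray state + metadata
    state: dict = field(default_factory=dict)   # VM -> "running" or "paused"
    mirrors: set = field(default_factory=set)   # VMs with an active mirror
    zeroized: int = 0                           # bytes overwritten so far

    def release(self, vm):
        """Zeroize and drop every trace of the VM on this host."""
        for table in (self.disk, self.memory):
            buf = table.pop(vm, None)
            if buf is not None:
                buf[:] = bytes(len(buf))        # overwrite in place
                self.zeroized += len(buf)
        self.state.pop(vm, None)
        self.mirrors.discard(vm)


def migrate(vm, src, dst, operator, hour, fail_at=None):
    """Run steps 1-6; if any of steps 1-5 fails, roll back and re-raise."""
    if src.state.get(vm) != "running":
        raise ValueError(f"{vm} is not running on {src.name}")
    # Policy is enforced at both ends before any state is touched.
    src.policy.check(operator, vm, dst.name, hour)
    dst.policy.check(operator, vm, src.name, hour)

    def create_mirror():                        # step 1
        dst.disk[vm] = bytearray(src.disk[vm])
        src.mirrors.add(vm)

    def pause():                                # step 2
        src.state[vm] = "paused"

    def transfer():                             # step 3
        dst.memory[vm] = bytearray(src.memory[vm])

    def resume():                               # step 4
        dst.state[vm] = "running"

    def remove_mirror():                        # step 5
        src.mirrors.discard(vm)

    steps = [create_mirror, pause, transfer, resume, remove_mirror]
    try:
        for number, action in enumerate(steps, start=1):
            if fail_at == number:               # test hook: injected fault
                raise RuntimeError(f"fault injected before step {number}")
            action()
    except Exception:
        # Roll back: scrub the partial copy so a failure leaves no shadow
        # copy on the destination, then put the source back in service.
        dst.release(vm)
        src.mirrors.discard(vm)
        src.state[vm] = "running"
        raise
    src.release(vm)                             # step 6, with zeroization
    return dst.state[vm]


def demo_hosts():
    """Constructed sample: two servers that trust each other, one guest on A."""
    rule = {"guest1": {"alice"}}
    a = Host("server-a", Policy(rule, {"server-b"}, range(1, 5)))
    b = Host("server-b", Policy(rule, {"server-a"}, range(1, 5)))
    a.disk["guest1"] = bytearray(b"disk-image")
    a.memory["guest1"] = bytearray(b"cpu+ram")
    a.state["guest1"] = "running"
    return a, b


if __name__ == "__main__":
    a, b = demo_hosts()
    print(migrate("guest1", a, b, "alice", hour=2))
```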
  
 
Improving CloudStack for operators
Improving CloudStack for operatorsImproving CloudStack for operators
Improving CloudStack for operators
 

More from The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleThe Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote:  Unikraft Weather ReportXPDDS19 Keynote:  Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportThe Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEThe Linux Foundation
 

More from The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote:  Unikraft Weather ReportXPDDS19 Keynote:  Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Recently uploaded

Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 

Recently uploaded (20)

Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 

XPDS16: Making Migration More Secure - John Shackleton, Adventium Labs

  • 1. Making Migration More Secure
      John Shackleton, Adventium Labs
      August 25, 2016
      8/16/16 © Adventium Labs 2016. Approved for Public Release; Distribution Unlimited: 88ABW-2016-3682 & 20160726
      This material is based upon work supported by the United States Air Force under Contract No. FA8750-10-D-0197/0012. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author and do not necessarily reflect the views of the United States Air Force.
  • 2. Live Migration
      [Diagram labels: Hypervisor, Guest VM, Hypervisor, Server A, Server B]
      •  Perhaps most fundamental of cloud operations.
      •  Focus has been on FAST and RELIABLE.
      Putting efficiency above security may ultimately lead to reduced efficiency.
  • 3. Different Storage Configurations
      •  Shared Disk
      •  Replicated Disk
      •  Remote Referencing
      •  Shared Nothing
      [Diagram labels, one panel per configuration: Server A, Server B, VM, NBD, COPY]
  • 4. Basic Migration Process
      [Diagram labels: Server A, Server B]
      1) Create mirror
      2) Pause VM
      3) Transfer State and Metadata
      4) Resume VM
      5) Remove mirror
      6) Release old VM footprint
  • 5. Advanced Cyberattack Examples
      •  Spoofing: Mimicking a server to gain unauthorized access.
      •  Thrashing: A sophisticated DOS attack.
      •  Smash and Grab: Forcing source or destination VM image into a bad state.
      •  Bait and Switch: Creating a deliberate failure to create shadow copy of the source VM.
      [Diagram labels: Server A, Server B]
      Many attacks seek to disrupt the system or exfiltrate information.
  • 6. Other Migration Challenges
      [Diagram labels: Hypervisor, Hypervisor, Storage Domain, Network Domain, Server A, Server B, Guest VM, MAC Policy, MAC Policy, Crypto Keys, Crypto Keys, Deletion Certainty, Migration Policy]
  • 7. Migration of Service Domains
      [Diagram labels: Hypervisor, Hypervisor, Storage Domain, Network Domain, Guest VM, disk, NIC, Device Pass-through]
      There is a need to support group migrations or refined pre/post migration customization.
  • 8. Details of Migration and Device Pass-Through
      [Diagram labels: Hypervisor, Dom0, Storage Domain VM, Virtual Disk, Physical Storage, PCI pass-through, Storage Repository, Physical Block Device, Guest VM, Storage Driver Domain UUID, Storage Repository UUID, Reference Maintained in Migration, Reference Broken in Migration, XenServer]
  • 9. Migration of Crypto Keys
      [Diagram labels: Hypervisor, Storage Domain, Network Domain, Guest VM, Crypto Keys, ?]
      There is no industry standard for key management, and hence no industry standard for key migration.
      •  Networked key management (KMIP)
      •  Local certificate authorities
      •  Migrate local keys with the VM
      •  Manual key management
      •  vTPM migration
  • 10. Migration of MAC Policies
      [Diagram labels: Hypervisor, Storage Domain, Network Domain, Guest VM, MAC policy, ?]
      XSM Policies must be written to enforce authorized migration and to accommodate migrating guests.
      •  XSM policies are static.
      •  Consequently XSM policies must be well designed and consistent between servers (and server pools).
      •  Run-time enforcement of consistent policies is advantageous.
      •  It is largely the administrator’s responsibility to coordinate XSM policies of migrating VMs.
  • 11. Extensions to Xen-based Migration that Would Enhance Security
      •  Customization: Support pre- and post-migration scripts to handle specific device pass-through issues.
      •  MAC Policy Enforcement: At both source and destination servers, enforce defined policies regarding who can move which VMs.
      •  Group Migrations: Handle groups of VMs together to support associated service VMs.
      •  Atomicity and Robust Error Handling: Provide comprehensive roll-back if errors occur during migration.
      •  Deletion Certainty: Provide option to zeroize contents and associated data of source VM footprint to ensure security.
      •  Migration Policy: At both source and destination servers, support defined policies regarding when and where a VM is allowed to migrate.
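
Slides 4 and 11 combined, as an added example that is not from the presentation or from Xen: a toy Python model of the six-step migration that checks policy on both servers, undoes completed steps in reverse order when a step fails, and zeroizes every footprint it drops. The `Host` fields, `migrate()`, the `fail_at` test hook and the sample data are hypothetical.

```python
from dataclasses import dataclass, field


class MigrationError(Exception):
    pass


@dataclass
class Host:
    """Toy server. All fields are hypothetical stand-ins, not Xen structures."""
    name: str
    movers: dict = field(default_factory=dict)   # vm -> operators allowed to move it
    peers: dict = field(default_factory=dict)    # vm -> hosts it may move to or from
    disks: dict = field(default_factory=dict)    # vm -> bytearray footprint
    state: dict = field(default_factory=dict)    # vm -> run state and metadata
    running: set = field(default_factory=set)
    mirrors: set = field(default_factory=set)    # (vm, peer) active disk mirrors

    def permits(self, vm, operator, peer):
        return (operator in self.movers.get(vm, ())
                and peer in self.peers.get(vm, ()))


def zeroize(host, vm):
    """Overwrite a footprint in place, then drop it (deletion certainty)."""
    buf = host.disks.pop(vm, None)
    if buf is not None:
        buf[:] = bytes(len(buf))
    host.state.pop(vm, None)


def migrate(vm, src, dst, operator, fail_at=None):
    """Run the six steps; undo completed steps in reverse if one fails.

    fail_at injects a failure before the given step number (test hook).
    """
    # Policy is evaluated on BOTH servers before any data leaves the source.
    if not src.permits(vm, operator, dst.name):
        raise MigrationError("denied by source policy")
    if not dst.permits(vm, operator, src.name):
        raise MigrationError("denied by destination policy")

    def create_mirror():
        dst.disks[vm] = bytearray(src.disks[vm])
        src.mirrors.add((vm, dst.name))

    def drop_mirror_and_copy():
        # Roll-back must not leave a shadow copy on the destination.
        src.mirrors.discard((vm, dst.name))
        zeroize(dst, vm)

    def transfer():
        dst.state[vm] = dict(src.state[vm])

    link = (vm, dst.name)
    steps = [  # (name, action, undo) in the order given on slide 4
        ("create mirror", create_mirror, drop_mirror_and_copy),
        ("pause VM", lambda: src.running.discard(vm),
         lambda: src.running.add(vm)),
        ("transfer state and metadata", transfer,
         lambda: dst.state.pop(vm, None)),
        ("resume VM", lambda: dst.running.add(vm),
         lambda: dst.running.discard(vm)),
        ("remove mirror", lambda: src.mirrors.discard(link),
         lambda: src.mirrors.add(link)),
        ("release old VM footprint", lambda: zeroize(src, vm), None),
    ]
    done = []
    try:
        for number, (name, action, undo) in enumerate(steps, start=1):
            if fail_at == number:
                raise MigrationError(f"step {number} ({name}) failed")
            action()
            done.append(undo)
    except MigrationError:
        for undo in reversed(done):
            if undo is not None:
                undo()
        raise
    return [name for name, _, _ in steps]


def demo_hosts():
    """Constructed sample data: one VM on server A, allowed to move to B."""
    a = Host("A", movers={"vm1": {"alice"}}, peers={"vm1": {"B"}},
             disks={"vm1": bytearray(b"secret-disk")},
             state={"vm1": {"vcpus": 2}}, running={"vm1"})
    b = Host("B", movers={"vm1": {"alice"}}, peers={"vm1": {"A"}})
    return a, b
```

In this model a failure at any step returns the VM to running on the source with no copy left on the destination; a real toolstack would also have to account for guest state that changes after the VM resumes.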