Secure Live KVM VM Migration with CloudStack 4.11.1

[Steve Roles <st...@shapeblue.com>]

Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/

Best regards,


steve.roles@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

RE: Secure Live KVM VM Migration with CloudStack 4.11.1

[Piotr Pisz <pp...@pulab.pl>]

Hi Rohit,

The operation you are writing about is beyond my capabilities, could you write how to perform such encryption and update such a table correctly? I will be very obliged :-)

Best regards,
Piotr


-----Original Message-----
From: Rohit Yadav <ro...@shapeblue.com> 
Sent: Monday, July 23, 2018 10:03 AM
To: users@cloudstack.apache.org; ppisz@pulab.pl
Subject: Re: Secure Live KVM VM Migration with CloudStack 4.11.1

Hi Piotr,


In the current implementation, the plugin cannot be used to act as a sub-ordinate or intermediate CA out of the box. One can write a new CA plugin. However, for the default root-ca plugin you can set your own CA keypair and certificate in cloud.configuration table (this will require encrypting the value/string and updating in the table/db), the only requirement is that the CA certificate should have the same attributes/fields as generated by CloudStack for example the certificate can be used for signing other certificates (act as a CA) etc.


- Rohit

<https://cloudstack.apache.org>



________________________________
From: Piotr Pisz <pp...@pulab.pl>
Sent: Tuesday, July 17, 2018 4:11:48 PM
To: users@cloudstack.apache.org
Subject: RE: Secure Live KVM VM Migration with CloudStack 4.11.1

Hi Steve,

Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)?

Regards,
Piotr



rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
  
 


-----Original Message-----
From: Steve Roles <st...@shapeblue.com>
Sent: Monday, July 16, 2018 4:38 PM
To: 'dev' <de...@cloudstack.apache.org>; users@cloudstack.apache.org
Subject: Secure Live KVM VM Migration with CloudStack 4.11.1

Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/

Best regards,


steve.roles@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue

Re: Secure Live KVM VM Migration with CloudStack 4.11.1

[Rohit Yadav <ro...@shapeblue.com>]

Hi Piotr,


In the current implementation, the plugin cannot be used to act as a sub-ordinate or intermediate CA out of the box. One can write a new CA plugin. However, for the default root-ca plugin you can set your own CA keypair and certificate in cloud.configuration table (this will require encrypting the value/string and updating in the table/db), the only requirement is that the CA certificate should have the same attributes/fields as generated by CloudStack for example the certificate can be used for signing other certificates (act as a CA) etc.


- Rohit

<https://cloudstack.apache.org>



________________________________
From: Piotr Pisz <pp...@pulab.pl>
Sent: Tuesday, July 17, 2018 4:11:48 PM
To: users@cloudstack.apache.org
Subject: RE: Secure Live KVM VM Migration with CloudStack 4.11.1

Hi Steve,

Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)?

Regards,
Piotr



rohit.yadav@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 


-----Original Message-----
From: Steve Roles <st...@shapeblue.com>
Sent: Monday, July 16, 2018 4:38 PM
To: 'dev' <de...@cloudstack.apache.org>; users@cloudstack.apache.org
Subject: Secure Live KVM VM Migration with CloudStack 4.11.1

Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/

Best regards,


steve.roles@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue

RE: Secure Live KVM VM Migration with CloudStack 4.11.1

[Steve Roles <st...@shapeblue.com>]

Hi Piotr. I didn't write the blog, but I have copied in the author and I'm sure he'll reply when he's back from his holiday. 

Steve Roles

steve.roles@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 


-----Original Message-----
From: Piotr Pisz <pp...@pulab.pl> 
Sent: 17 July 2018 11:42
To: users@cloudstack.apache.org
Subject: RE: Secure Live KVM VM Migration with CloudStack 4.11.1

Hi Steve,

Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)?

Regards,
Piotr



-----Original Message-----
From: Steve Roles <st...@shapeblue.com> 
Sent: Monday, July 16, 2018 4:38 PM
To: 'dev' <de...@cloudstack.apache.org>; users@cloudstack.apache.org
Subject: Secure Live KVM VM Migration with CloudStack 4.11.1

Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/

Best regards,


steve.roles@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
  
 

RE: Secure Live KVM VM Migration with CloudStack 4.11.1

[Piotr Pisz <pp...@pulab.pl>]

Hi Steve,

Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)?

Regards,
Piotr



-----Original Message-----
From: Steve Roles <st...@shapeblue.com> 
Sent: Monday, July 16, 2018 4:38 PM
To: 'dev' <de...@cloudstack.apache.org>; users@cloudstack.apache.org
Subject: Secure Live KVM VM Migration with CloudStack 4.11.1

Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/

Best regards,


steve.roles@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue