[DISCUSS] Support for Intel TXT technology

[Hari Kannan <ha...@citrix.com>]

Hello All,

I wish to propose Support for Intel TXT for Cloud Use cases - I have added some details here https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+Intel+TXT+Technology

along with a JIRA ticket https://issues.apache.org/jira/browse/CLOUDSTACK-939

Please review and comment

Hari Kannan

Re: [DISCUSS] Support for Intel TXT technology

[Chip Childers <ch...@sungard.com>]

Discussion limited to cloudstack-dev@ list.

On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
<an...@citrix.com> wrote:
> This came in as I was following up on  action item from IRC today. This feature is something that has already been developed before ACS 4.0 and processes were formalized and also had been demonstrated in public forms such as in Intel Developers Forum last Sept but somehow missed getting filed. Can we consider it as an exception and take it for 4.1.  I understand we are few days past cutoff,  I will ensure we are more diligent in future.
>

So if it's done, it needs to come through the IP clearance process.

Step 1 is for the source code to be posted somewhere publicly for us
to review.  Following that, we should initiate a VOTE for 72 hours on
our dev list for including the proposed donation.  After that, someone
needs to find an officer or ASF member that is willing to sponsor the
process of working it through the incubator's IP clearance process.

I'd also ask for the design to be included in the FS wiki page.  I
assume this isn't a problem, since the code is complete.  This will
allow us to have complete design docs for the release's features.

As for the feature itself, is this another XenServer only feature
proposal?  We had discussed XenServer only issues during the Host
Update Notification feature discussion, and (along with other
concerns) we had agreed that features should be built to at least lay
the groundwork for support beyond just one hypervisor.

> Animesh
>> -----Original Message-----
>> From: David Nalley [mailto:david@gnsa.us]
>> Sent: Wednesday, January 09, 2013 11:46 AM
>> To: cloudstack-dev@incubator.apache.org
>> Cc: cloudstack-users@incubator.apache.org
>> Subject: Re: [DISCUSS] Support for Intel TXT technology
>>
>> On Wed, Jan 9, 2013 at 2:40 PM, Hari Kannan <ha...@citrix.com> wrote:
>> >
>> > Hello All,
>> >
>> > I wish to propose Support for Intel TXT for Cloud Use cases - I have
>> > added some details here
>> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+Int
>> > el+TXT+Technology
>> >
>> > along with a JIRA ticket
>> > https://issues.apache.org/jira/browse/CLOUDSTACK-939
>> >
>> > Please review and comment
>> >
>> > Hari Kannan
>>
>> I've commented on the ticket. This has come in after our agreed proposal
>> deadline, so I've changed the targeted version to Future.
>>
>> --David
>

RE: [DISCUSS] Support for Intel TXT technology

[Alex Huang <Al...@citrix.com>]

Devdeep,

What you listed here are good starts to the requirements gathering.  Why not post them on the wiki?

We do need to resolve the license issue though.

--Alex

> -----Original Message-----
> From: Devdeep Singh [mailto:devdeep.singh@citrix.com]
> Sent: Thursday, January 10, 2013 12:04 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> Hi Hari,
> 
> In point 3, I just want to bring out that CloudStack will have to be configured
> to talk to the attestation service. Is it correct to conclude that support needs
> to be added only for Intel attestation service?
> 
> Regards,
> Devdeep
> 
> > -----Original Message-----
> > From: Hari Kannan [mailto:hari.kannan@citrix.com]
> > Sent: Thursday, January 10, 2013 12:19 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: RE: [DISCUSS] Support for Intel TXT technology
> >
> > Hi Devdeep,
> >
> > What is the difference between 1 and 3 below? Look same to me.
> >
> > These assumptions seem fair to me.
> >
> > I think the code name you refer to below for the attestation server is Intel
> > internal codename - I'm not sure if we should be referring by this name..
> >
> > Hari
> >
> > -----Original Message-----
> > From: Devdeep Singh [mailto:devdeep.singh@citrix.com]
> > Sent: Wednesday, January 9, 2013 10:41 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: RE: [DISCUSS] Support for Intel TXT technology
> >
> > I would like to get some of the requirements cleared before working on
> the
> > FS. There were several assumptions made in the POC and they need to be
> > clarified.
> >
> > 1. CloudStack will have to talk to a attestation server to check if a host is
> > trusted or not. Is it correct to assume the attestation server; which can be a
> > virtual appliance; is not managed by CloudStack?
> > 2. The trust relation between the attestation server and hosts will be
> > established outside the scope of CloudStack. CloudStack will just check with
> > the attestation server whether a host is trusted or not.
> > 3. Intel attestation server is called Mt. Wilson. Anyone who is interested in
> > using the feature will have to setup the Mt. Wilson server and configure
> > CloudStack to talk to it.
> > 4. Mt. Wilson provides an API Client toolkit (jar files) for quick integration. I
> am
> > not sure how they are licensed, but if they are not compatible with apache
> > license, this feature will have be under 'nonoss'.
> >
> > Regards,
> > Devdeep
> >
> > > -----Original Message-----
> > > From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
> > > Sent: Thursday, January 10, 2013 2:48 AM
> > > To: cloudstack-dev@incubator.apache.org
> > > Subject: RE: [DISCUSS] Support for Intel TXT technology
> > >
> > > Sure Devdeep can provide the details
> > >
> > > > -----Original Message-----
> > > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > > Sent: Wednesday, January 09, 2013 1:00 PM
> > > > To: cloudstack-dev@incubator.apache.org
> > > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > > >
> > > > On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <ha...@citrix.com>
> > > wrote:
> > > > > Hi Chip,
> > > > >
> > > > > I will let Animesh comment on the IP/repo stuff - regarding the
> > > > > other
> > > > > 2 topics you raised
> > > > >
> > > > > - I wouldn't claim code at a  "done" level yet - we did develop
> > > > > code to a sufficient level to demo, but it would need some more
> > > > > work for sure. It hadn't made it as part of any Citrix commercial
> > > > > product either - it was developed, showcased but hasn't yet seen
> > > > > the light of the day
> > > >
> > > > Understood...  so perhaps there isn't a design document.  Perhaps
> > > > the author of the code (not sure who it is) wouldn't mind adding
> > > > some basic design elements to the FS wiki page.  That will help the
> > > > community evaluate the inclusion of the donated code.
> > > >
> > > > > - Regarding the XS part, it has been developed/tested only for XS
> > > > > - however,
> > > > the feature is not restricted for XS - in other words, unlike the
> > > > host updates, which was meant to be for XS only, this feature
> > > > eventually must support all hypervisors (or even baremetal servers)
> > > > - at this time, it has been developed for XS only..
> > > > >
> > > >
> > > > Excellent.  I'd like to see that reflected in the design / code as
> > > > well, but glad to hear it was a consideration!
> > > >
> > > > > Hari
> > > > >
> > > > > -----Original Message-----
> > > > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > > > Sent: Wednesday, January 9, 2013 12:52 PM
> > > > > To: cloudstack-dev@incubator.apache.org
> > > > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > > > >
> > > > > On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <da...@gnsa.us> wrote:
> > > > >> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
> > > > >> <an...@citrix.com> wrote:
> > > > >>> This came in as I was following up on  action item from IRC today.
> > > > >>> This
> > > > feature is something that has already been developed before ACS 4.0
> > > > and processes were formalized and also had been demonstrated in
> > > > public forms such as in Intel Developers Forum last Sept but somehow
> > > > missed
> > > getting filed.
> > > > Can we consider it as an exception and take it for 4.1.  I
> > > > understand we are few days past cutoff,  I will ensure we are more
> diligent
> > in future.
> > > > >>>
> > > > >>> Animesh
> > > > >>
> > > > >>
> > > > >> Is the code already in the repo? Or was it developed externally?
> > > > >>
> > > > >
> > > > > Good question.  My previous email made the assumption that it was
> > > > > not
> > > > currently in the project repo, but I could certainly be mistaken.
> > > > >
> > > > > -chip
> > > > >

RE: [DISCUSS] Support for Intel TXT technology

[Devdeep Singh <de...@citrix.com>]

Hi Hari,

In point 3, I just want to bring out that CloudStack will have to be configured to talk to the attestation service. Is it correct to conclude that support needs to be added only for Intel attestation service?

Regards,
Devdeep

> -----Original Message-----
> From: Hari Kannan [mailto:hari.kannan@citrix.com]
> Sent: Thursday, January 10, 2013 12:19 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> Hi Devdeep,
> 
> What is the difference between 1 and 3 below? Look same to me.
> 
> These assumptions seem fair to me.
> 
> I think the code name you refer to below for the attestation server is Intel
> internal codename - I'm not sure if we should be referring by this name..
> 
> Hari
> 
> -----Original Message-----
> From: Devdeep Singh [mailto:devdeep.singh@citrix.com]
> Sent: Wednesday, January 9, 2013 10:41 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> I would like to get some of the requirements cleared before working on the
> FS. There were several assumptions made in the POC and they need to be
> clarified.
> 
> 1. CloudStack will have to talk to a attestation server to check if a host is
> trusted or not. Is it correct to assume the attestation server; which can be a
> virtual appliance; is not managed by CloudStack?
> 2. The trust relation between the attestation server and hosts will be
> established outside the scope of CloudStack. CloudStack will just check with
> the attestation server whether a host is trusted or not.
> 3. Intel attestation server is called Mt. Wilson. Anyone who is interested in
> using the feature will have to setup the Mt. Wilson server and configure
> CloudStack to talk to it.
> 4. Mt. Wilson provides an API Client toolkit (jar files) for quick integration. I am
> not sure how they are licensed, but if they are not compatible with apache
> license, this feature will have be under 'nonoss'.
> 
> Regards,
> Devdeep
> 
> > -----Original Message-----
> > From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
> > Sent: Thursday, January 10, 2013 2:48 AM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: RE: [DISCUSS] Support for Intel TXT technology
> >
> > Sure Devdeep can provide the details
> >
> > > -----Original Message-----
> > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > Sent: Wednesday, January 09, 2013 1:00 PM
> > > To: cloudstack-dev@incubator.apache.org
> > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > >
> > > On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <ha...@citrix.com>
> > wrote:
> > > > Hi Chip,
> > > >
> > > > I will let Animesh comment on the IP/repo stuff - regarding the
> > > > other
> > > > 2 topics you raised
> > > >
> > > > - I wouldn't claim code at a  "done" level yet - we did develop
> > > > code to a sufficient level to demo, but it would need some more
> > > > work for sure. It hadn't made it as part of any Citrix commercial
> > > > product either - it was developed, showcased but hasn't yet seen
> > > > the light of the day
> > >
> > > Understood...  so perhaps there isn't a design document.  Perhaps
> > > the author of the code (not sure who it is) wouldn't mind adding
> > > some basic design elements to the FS wiki page.  That will help the
> > > community evaluate the inclusion of the donated code.
> > >
> > > > - Regarding the XS part, it has been developed/tested only for XS
> > > > - however,
> > > the feature is not restricted for XS - in other words, unlike the
> > > host updates, which was meant to be for XS only, this feature
> > > eventually must support all hypervisors (or even baremetal servers)
> > > - at this time, it has been developed for XS only..
> > > >
> > >
> > > Excellent.  I'd like to see that reflected in the design / code as
> > > well, but glad to hear it was a consideration!
> > >
> > > > Hari
> > > >
> > > > -----Original Message-----
> > > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > > Sent: Wednesday, January 9, 2013 12:52 PM
> > > > To: cloudstack-dev@incubator.apache.org
> > > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > > >
> > > > On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <da...@gnsa.us> wrote:
> > > >> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
> > > >> <an...@citrix.com> wrote:
> > > >>> This came in as I was following up on  action item from IRC today.
> > > >>> This
> > > feature is something that has already been developed before ACS 4.0
> > > and processes were formalized and also had been demonstrated in
> > > public forms such as in Intel Developers Forum last Sept but somehow
> > > missed
> > getting filed.
> > > Can we consider it as an exception and take it for 4.1.  I
> > > understand we are few days past cutoff,  I will ensure we are more diligent
> in future.
> > > >>>
> > > >>> Animesh
> > > >>
> > > >>
> > > >> Is the code already in the repo? Or was it developed externally?
> > > >>
> > > >
> > > > Good question.  My previous email made the assumption that it was
> > > > not
> > > currently in the project repo, but I could certainly be mistaken.
> > > >
> > > > -chip
> > > >

RE: [DISCUSS] Support for Intel TXT technology

[Hari Kannan <ha...@citrix.com>]

Hi Devdeep,

What is the difference between 1 and 3 below? Look same to me.

These assumptions seem fair to me.

I think the code name you refer to below for the attestation server is Intel internal codename - I'm not sure if we should be referring by this name..

Hari

-----Original Message-----
From: Devdeep Singh [mailto:devdeep.singh@citrix.com] 
Sent: Wednesday, January 9, 2013 10:41 PM
To: cloudstack-dev@incubator.apache.org
Subject: RE: [DISCUSS] Support for Intel TXT technology

I would like to get some of the requirements cleared before working on the FS. There were several assumptions made in the POC and they need to be clarified.

1. CloudStack will have to talk to a attestation server to check if a host is trusted or not. Is it correct to assume the attestation server; which can be a virtual appliance; is not managed by CloudStack?
2. The trust relation between the attestation server and hosts will be established outside the scope of CloudStack. CloudStack will just check with the attestation server whether a host is trusted or not.
3. Intel attestation server is called Mt. Wilson. Anyone who is interested in using the feature will have to setup the Mt. Wilson server and configure CloudStack to talk to it.
4. Mt. Wilson provides an API Client toolkit (jar files) for quick integration. I am not sure how they are licensed, but if they are not compatible with apache license, this feature will have be under 'nonoss'.

Regards,
Devdeep

> -----Original Message-----
> From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
> Sent: Thursday, January 10, 2013 2:48 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> Sure Devdeep can provide the details
> 
> > -----Original Message-----
> > From: Chip Childers [mailto:chip.childers@sungard.com]
> > Sent: Wednesday, January 09, 2013 1:00 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: Re: [DISCUSS] Support for Intel TXT technology
> >
> > On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <ha...@citrix.com>
> wrote:
> > > Hi Chip,
> > >
> > > I will let Animesh comment on the IP/repo stuff - regarding the 
> > > other
> > > 2 topics you raised
> > >
> > > - I wouldn't claim code at a  "done" level yet - we did develop 
> > > code to a sufficient level to demo, but it would need some more 
> > > work for sure. It hadn't made it as part of any Citrix commercial 
> > > product either - it was developed, showcased but hasn't yet seen 
> > > the light of the day
> >
> > Understood...  so perhaps there isn't a design document.  Perhaps 
> > the author of the code (not sure who it is) wouldn't mind adding 
> > some basic design elements to the FS wiki page.  That will help the 
> > community evaluate the inclusion of the donated code.
> >
> > > - Regarding the XS part, it has been developed/tested only for XS 
> > > - however,
> > the feature is not restricted for XS - in other words, unlike the 
> > host updates, which was meant to be for XS only, this feature 
> > eventually must support all hypervisors (or even baremetal servers) 
> > - at this time, it has been developed for XS only..
> > >
> >
> > Excellent.  I'd like to see that reflected in the design / code as 
> > well, but glad to hear it was a consideration!
> >
> > > Hari
> > >
> > > -----Original Message-----
> > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > Sent: Wednesday, January 9, 2013 12:52 PM
> > > To: cloudstack-dev@incubator.apache.org
> > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > >
> > > On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <da...@gnsa.us> wrote:
> > >> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi 
> > >> <an...@citrix.com> wrote:
> > >>> This came in as I was following up on  action item from IRC today.
> > >>> This
> > feature is something that has already been developed before ACS 4.0 
> > and processes were formalized and also had been demonstrated in 
> > public forms such as in Intel Developers Forum last Sept but somehow 
> > missed
> getting filed.
> > Can we consider it as an exception and take it for 4.1.  I 
> > understand we are few days past cutoff,  I will ensure we are more diligent in future.
> > >>>
> > >>> Animesh
> > >>
> > >>
> > >> Is the code already in the repo? Or was it developed externally?
> > >>
> > >
> > > Good question.  My previous email made the assumption that it was 
> > > not
> > currently in the project repo, but I could certainly be mistaken.
> > >
> > > -chip
> > >

Re: [DISCUSS] Support for Intel TXT technology

[John Kinsella <jl...@stratosec.co>]

I really hope people don't run the attestation server as a VM managed by ACS - that sounds like an excellent way to shoot ones self in the foot…

On Jan 9, 2013, at 10:41 PM, Devdeep Singh <de...@citrix.com> wrote:

> I would like to get some of the requirements cleared before working on the FS. There were several assumptions made in the POC and they need to be clarified.
> 
> 1. CloudStack will have to talk to a attestation server to check if a host is trusted or not. Is it correct to assume the attestation server; which can be a virtual appliance; is not managed by CloudStack?
> 2. The trust relation between the attestation server and hosts will be established outside the scope of CloudStack. CloudStack will just check with the attestation server whether a host is trusted or not.
> 3. Intel attestation server is called Mt. Wilson. Anyone who is interested in using the feature will have to setup the Mt. Wilson server and configure CloudStack to talk to it.
> 4. Mt. Wilson provides an API Client toolkit (jar files) for quick integration. I am not sure how they are licensed, but if they are not compatible with apache license, this feature will have be under 'nonoss'.
> 
> Regards,
> Devdeep
> 
>> -----Original Message-----
>> From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
>> Sent: Thursday, January 10, 2013 2:48 AM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: RE: [DISCUSS] Support for Intel TXT technology
>> 
>> Sure Devdeep can provide the details
>> 
>>> -----Original Message-----
>>> From: Chip Childers [mailto:chip.childers@sungard.com]
>>> Sent: Wednesday, January 09, 2013 1:00 PM
>>> To: cloudstack-dev@incubator.apache.org
>>> Subject: Re: [DISCUSS] Support for Intel TXT technology
>>> 
>>> On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <ha...@citrix.com>
>> wrote:
>>>> Hi Chip,
>>>> 
>>>> I will let Animesh comment on the IP/repo stuff - regarding the
>>>> other
>>>> 2 topics you raised
>>>> 
>>>> - I wouldn't claim code at a  "done" level yet - we did develop code
>>>> to a sufficient level to demo, but it would need some more work for
>>>> sure. It hadn't made it as part of any Citrix commercial product
>>>> either - it was developed, showcased but hasn't yet seen the light
>>>> of the day
>>> 
>>> Understood...  so perhaps there isn't a design document.  Perhaps the
>>> author of the code (not sure who it is) wouldn't mind adding some
>>> basic design elements to the FS wiki page.  That will help the
>>> community evaluate the inclusion of the donated code.
>>> 
>>>> - Regarding the XS part, it has been developed/tested only for XS -
>>>> however,
>>> the feature is not restricted for XS - in other words, unlike the host
>>> updates, which was meant to be for XS only, this feature eventually
>>> must support all hypervisors (or even baremetal servers) - at this
>>> time, it has been developed for XS only..
>>>> 
>>> 
>>> Excellent.  I'd like to see that reflected in the design / code as
>>> well, but glad to hear it was a consideration!
>>> 
>>>> Hari
>>>> 
>>>> -----Original Message-----
>>>> From: Chip Childers [mailto:chip.childers@sungard.com]
>>>> Sent: Wednesday, January 9, 2013 12:52 PM
>>>> To: cloudstack-dev@incubator.apache.org
>>>> Subject: Re: [DISCUSS] Support for Intel TXT technology
>>>> 
>>>> On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <da...@gnsa.us> wrote:
>>>>> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
>>>>> <an...@citrix.com> wrote:
>>>>>> This came in as I was following up on  action item from IRC today.
>>>>>> This
>>> feature is something that has already been developed before ACS 4.0
>>> and processes were formalized and also had been demonstrated in public
>>> forms such as in Intel Developers Forum last Sept but somehow missed
>> getting filed.
>>> Can we consider it as an exception and take it for 4.1.  I understand
>>> we are few days past cutoff,  I will ensure we are more diligent in future.
>>>>>> 
>>>>>> Animesh
>>>>> 
>>>>> 
>>>>> Is the code already in the repo? Or was it developed externally?
>>>>> 
>>>> 
>>>> Good question.  My previous email made the assumption that it was
>>>> not
>>> currently in the project repo, but I could certainly be mistaken.
>>>> 
>>>> -chip
>>>> 
> 

Stratosec - Secure Infrastructure as a Service
o: 415.315.9385
@johnlkinsella

RE: [DISCUSS] Support for Intel TXT technology

[Devdeep Singh <de...@citrix.com>]

I would like to get some of the requirements cleared before working on the FS. There were several assumptions made in the POC and they need to be clarified.

1. CloudStack will have to talk to a attestation server to check if a host is trusted or not. Is it correct to assume the attestation server; which can be a virtual appliance; is not managed by CloudStack?
2. The trust relation between the attestation server and hosts will be established outside the scope of CloudStack. CloudStack will just check with the attestation server whether a host is trusted or not.
3. Intel attestation server is called Mt. Wilson. Anyone who is interested in using the feature will have to setup the Mt. Wilson server and configure CloudStack to talk to it.
4. Mt. Wilson provides an API Client toolkit (jar files) for quick integration. I am not sure how they are licensed, but if they are not compatible with apache license, this feature will have be under 'nonoss'.

Regards,
Devdeep

> -----Original Message-----
> From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
> Sent: Thursday, January 10, 2013 2:48 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> Sure Devdeep can provide the details
> 
> > -----Original Message-----
> > From: Chip Childers [mailto:chip.childers@sungard.com]
> > Sent: Wednesday, January 09, 2013 1:00 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: Re: [DISCUSS] Support for Intel TXT technology
> >
> > On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <ha...@citrix.com>
> wrote:
> > > Hi Chip,
> > >
> > > I will let Animesh comment on the IP/repo stuff - regarding the
> > > other
> > > 2 topics you raised
> > >
> > > - I wouldn't claim code at a  "done" level yet - we did develop code
> > > to a sufficient level to demo, but it would need some more work for
> > > sure. It hadn't made it as part of any Citrix commercial product
> > > either - it was developed, showcased but hasn't yet seen the light
> > > of the day
> >
> > Understood...  so perhaps there isn't a design document.  Perhaps the
> > author of the code (not sure who it is) wouldn't mind adding some
> > basic design elements to the FS wiki page.  That will help the
> > community evaluate the inclusion of the donated code.
> >
> > > - Regarding the XS part, it has been developed/tested only for XS -
> > > however,
> > the feature is not restricted for XS - in other words, unlike the host
> > updates, which was meant to be for XS only, this feature eventually
> > must support all hypervisors (or even baremetal servers) - at this
> > time, it has been developed for XS only..
> > >
> >
> > Excellent.  I'd like to see that reflected in the design / code as
> > well, but glad to hear it was a consideration!
> >
> > > Hari
> > >
> > > -----Original Message-----
> > > From: Chip Childers [mailto:chip.childers@sungard.com]
> > > Sent: Wednesday, January 9, 2013 12:52 PM
> > > To: cloudstack-dev@incubator.apache.org
> > > Subject: Re: [DISCUSS] Support for Intel TXT technology
> > >
> > > On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <da...@gnsa.us> wrote:
> > >> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
> > >> <an...@citrix.com> wrote:
> > >>> This came in as I was following up on  action item from IRC today.
> > >>> This
> > feature is something that has already been developed before ACS 4.0
> > and processes were formalized and also had been demonstrated in public
> > forms such as in Intel Developers Forum last Sept but somehow missed
> getting filed.
> > Can we consider it as an exception and take it for 4.1.  I understand
> > we are few days past cutoff,  I will ensure we are more diligent in future.
> > >>>
> > >>> Animesh
> > >>
> > >>
> > >> Is the code already in the repo? Or was it developed externally?
> > >>
> > >
> > > Good question.  My previous email made the assumption that it was
> > > not
> > currently in the project repo, but I could certainly be mistaken.
> > >
> > > -chip
> > >

RE: [DISCUSS] Support for Intel TXT technology

[Animesh Chaturvedi <an...@citrix.com>]

Sure Devdeep can provide the details

> -----Original Message-----
> From: Chip Childers [mailto:chip.childers@sungard.com]
> Sent: Wednesday, January 09, 2013 1:00 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: Re: [DISCUSS] Support for Intel TXT technology
> 
> On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <ha...@citrix.com> wrote:
> > Hi Chip,
> >
> > I will let Animesh comment on the IP/repo stuff - regarding the other
> > 2 topics you raised
> >
> > - I wouldn't claim code at a  "done" level yet - we did develop code
> > to a sufficient level to demo, but it would need some more work for
> > sure. It hadn't made it as part of any Citrix commercial product
> > either - it was developed, showcased but hasn't yet seen the light of
> > the day
> 
> Understood...  so perhaps there isn't a design document.  Perhaps the author of
> the code (not sure who it is) wouldn't mind adding some basic design elements
> to the FS wiki page.  That will help the community evaluate the inclusion of the
> donated code.
> 
> > - Regarding the XS part, it has been developed/tested only for XS - however,
> the feature is not restricted for XS - in other words, unlike the host updates,
> which was meant to be for XS only, this feature eventually must support all
> hypervisors (or even baremetal servers) - at this time, it has been developed
> for XS only..
> >
> 
> Excellent.  I'd like to see that reflected in the design / code as well, but glad to
> hear it was a consideration!
> 
> > Hari
> >
> > -----Original Message-----
> > From: Chip Childers [mailto:chip.childers@sungard.com]
> > Sent: Wednesday, January 9, 2013 12:52 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: Re: [DISCUSS] Support for Intel TXT technology
> >
> > On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <da...@gnsa.us> wrote:
> >> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
> >> <an...@citrix.com> wrote:
> >>> This came in as I was following up on  action item from IRC today. This
> feature is something that has already been developed before ACS 4.0 and
> processes were formalized and also had been demonstrated in public forms
> such as in Intel Developers Forum last Sept but somehow missed getting filed.
> Can we consider it as an exception and take it for 4.1.  I understand we are few
> days past cutoff,  I will ensure we are more diligent in future.
> >>>
> >>> Animesh
> >>
> >>
> >> Is the code already in the repo? Or was it developed externally?
> >>
> >
> > Good question.  My previous email made the assumption that it was not
> currently in the project repo, but I could certainly be mistaken.
> >
> > -chip
> >

Re: [DISCUSS] Support for Intel TXT technology

[Chip Childers <ch...@sungard.com>]

On Wed, Jan 9, 2013 at 3:56 PM, Hari Kannan <ha...@citrix.com> wrote:
> Hi Chip,
>
> I will let Animesh comment on the IP/repo stuff - regarding the other 2 topics you raised
>
> - I wouldn't claim code at a  "done" level yet - we did develop code to a sufficient level to demo, but it would need some more work for sure. It hadn't made it as part of any Citrix commercial product either - it was developed, showcased but hasn't yet seen the light of the day

Understood...  so perhaps there isn't a design document.  Perhaps the
author of the code (not sure who it is) wouldn't mind adding some
basic design elements to the FS wiki page.  That will help the
community evaluate the inclusion of the donated code.

> - Regarding the XS part, it has been developed/tested only for XS - however, the feature is not restricted for XS - in other words, unlike the host updates, which was meant to be for XS only, this feature eventually must support all hypervisors (or even baremetal servers) - at this time, it has been developed for XS only..
>

Excellent.  I'd like to see that reflected in the design / code as
well, but glad to hear it was a consideration!

> Hari
>
> -----Original Message-----
> From: Chip Childers [mailto:chip.childers@sungard.com]
> Sent: Wednesday, January 9, 2013 12:52 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: Re: [DISCUSS] Support for Intel TXT technology
>
> On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <da...@gnsa.us> wrote:
>> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
>> <an...@citrix.com> wrote:
>>> This came in as I was following up on  action item from IRC today. This feature is something that has already been developed before ACS 4.0 and processes were formalized and also had been demonstrated in public forms such as in Intel Developers Forum last Sept but somehow missed getting filed. Can we consider it as an exception and take it for 4.1.  I understand we are few days past cutoff,  I will ensure we are more diligent in future.
>>>
>>> Animesh
>>
>>
>> Is the code already in the repo? Or was it developed externally?
>>
>
> Good question.  My previous email made the assumption that it was not currently in the project repo, but I could certainly be mistaken.
>
> -chip
>

RE: [DISCUSS] Support for Intel TXT technology

[Hari Kannan <ha...@citrix.com>]

Hi Chip,

I will let Animesh comment on the IP/repo stuff - regarding the other 2 topics you raised

- I wouldn't claim code at a  "done" level yet - we did develop code to a sufficient level to demo, but it would need some more work for sure. It hadn't made it as part of any Citrix commercial product either - it was developed, showcased but hasn't yet seen the light of the day
- Regarding the XS part, it has been developed/tested only for XS - however, the feature is not restricted for XS - in other words, unlike the host updates, which was meant to be for XS only, this feature eventually must support all hypervisors (or even baremetal servers) - at this time, it has been developed for XS only..

Hari

-----Original Message-----
From: Chip Childers [mailto:chip.childers@sungard.com] 
Sent: Wednesday, January 9, 2013 12:52 PM
To: cloudstack-dev@incubator.apache.org
Subject: Re: [DISCUSS] Support for Intel TXT technology

On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <da...@gnsa.us> wrote:
> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi 
> <an...@citrix.com> wrote:
>> This came in as I was following up on  action item from IRC today. This feature is something that has already been developed before ACS 4.0 and processes were formalized and also had been demonstrated in public forms such as in Intel Developers Forum last Sept but somehow missed getting filed. Can we consider it as an exception and take it for 4.1.  I understand we are few days past cutoff,  I will ensure we are more diligent in future.
>>
>> Animesh
>
>
> Is the code already in the repo? Or was it developed externally?
>

Good question.  My previous email made the assumption that it was not currently in the project repo, but I could certainly be mistaken.

-chip

Re: [DISCUSS] Support for Intel TXT technology

[Chip Childers <ch...@sungard.com>]

On Wed, Jan 9, 2013 at 3:44 PM, David Nalley <da...@gnsa.us> wrote:
> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
> <an...@citrix.com> wrote:
>> This came in as I was following up on  action item from IRC today. This feature is something that has already been developed before ACS 4.0 and processes were formalized and also had been demonstrated in public forms such as in Intel Developers Forum last Sept but somehow missed getting filed. Can we consider it as an exception and take it for 4.1.  I understand we are few days past cutoff,  I will ensure we are more diligent in future.
>>
>> Animesh
>
>
> Is the code already in the repo? Or was it developed externally?
>

Good question.  My previous email made the assumption that it was not
currently in the project repo, but I could certainly be mistaken.

-chip

Re: [DISCUSS] Support for Intel TXT technology

[David Nalley <da...@gnsa.us>]

On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
<an...@citrix.com> wrote:
> This came in as I was following up on  action item from IRC today. This feature is something that has already been developed before ACS 4.0 and processes were formalized and also had been demonstrated in public forms such as in Intel Developers Forum last Sept but somehow missed getting filed. Can we consider it as an exception and take it for 4.1.  I understand we are few days past cutoff,  I will ensure we are more diligent in future.
>
> Animesh


Is the code already in the repo? Or was it developed externally?

Re: [DISCUSS] Support for Intel TXT technology

[Chip Childers <ch...@sungard.com>]

On Fri, Mar 08, 2013 at 09:46:55AM -0800, Sudha Ponnaganti wrote:
> Wondering if anyone is interested to pick up QA for this story.

It's going to require some specialized hardware.  It *might* be easier
for someone outside of Citrix to help test this if the hardware
requirements were shared.  Folks will have to evaluate if they have it
available.

RE: [DISCUSS] Support for Intel TXT technology

[Sudha Ponnaganti <su...@citrix.com>]

Wondering if anyone is interested to pick up QA for this story.

-----Original Message-----
From: Devdeep Singh [mailto:devdeep.singh@citrix.com] 
Sent: Friday, March 08, 2013 9:45 AM
To: cloudstack-dev@incubator.apache.org
Subject: RE: [DISCUSS] Support for Intel TXT technology

I have started putting together the FS for this feature. The initial draft is shared here https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+Intel+TXT+Technology. Do let me know your comments/thoughts/concerns.

Regards,
Devdeep

> -----Original Message-----
> From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
> Sent: Saturday, January 19, 2013 2:55 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> 
> 
> > -----Original Message-----
> > From: Chip Childers [mailto:chip.childers@sungard.com]
> > Sent: Friday, January 18, 2013 8:32 AM
> > To: cloudstack-dev@incubator.apache.org; Animesh Chaturvedi
> > Subject: Re: [DISCUSS] Support for Intel TXT technology
> >
> > On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi 
> > <an...@citrix.com> wrote:
> > > This came in as I was following up on  action item from IRC today.
> > > This
> > feature is something that has already been developed before ACS 4.0 
> > and processes were formalized and also had been demonstrated in 
> > public forms such as in Intel Developers Forum last Sept but somehow 
> > missed getting filed. Can we consider it as an exception and take it for 4.1.
> > I understand we are few days past cutoff,  I will ensure we are more 
> > diligent
> in future.
> > >
> > > Animesh
> >
> > Just to close the loop on this.  I'm not sure that this is even 
> > progressing enough to make it in by out feature freeze date (if it 
> > is, it's not visible to the rest of the community).  Is the request 
> > to include it in
> 4.1.0 a moot point?
> >
> [Animesh>] Yes Chip we can move it out of 4.1 Devdeep is still 
> wrapping up on some of his other tasks

RE: [DISCUSS] Support for Intel TXT technology

[Devdeep Singh <de...@citrix.com>]

I have started putting together the FS for this feature. The initial draft is shared here https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+Intel+TXT+Technology. Do let me know your comments/thoughts/concerns.

Regards,
Devdeep

> -----Original Message-----
> From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
> Sent: Saturday, January 19, 2013 2:55 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Support for Intel TXT technology
> 
> 
> 
> > -----Original Message-----
> > From: Chip Childers [mailto:chip.childers@sungard.com]
> > Sent: Friday, January 18, 2013 8:32 AM
> > To: cloudstack-dev@incubator.apache.org; Animesh Chaturvedi
> > Subject: Re: [DISCUSS] Support for Intel TXT technology
> >
> > On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
> > <an...@citrix.com> wrote:
> > > This came in as I was following up on  action item from IRC today.
> > > This
> > feature is something that has already been developed before ACS 4.0
> > and processes were formalized and also had been demonstrated in public
> > forms such as in Intel Developers Forum last Sept but somehow missed
> > getting filed. Can we consider it as an exception and take it for 4.1.
> > I understand we are few days past cutoff,  I will ensure we are more diligent
> in future.
> > >
> > > Animesh
> >
> > Just to close the loop on this.  I'm not sure that this is even
> > progressing enough to make it in by out feature freeze date (if it is,
> > it's not visible to the rest of the community).  Is the request to include it in
> 4.1.0 a moot point?
> >
> [Animesh>] Yes Chip we can move it out of 4.1 Devdeep is still wrapping up on
> some of his other tasks

RE: [DISCUSS] Support for Intel TXT technology

[Animesh Chaturvedi <an...@citrix.com>]

> -----Original Message-----
> From: Chip Childers [mailto:chip.childers@sungard.com]
> Sent: Friday, January 18, 2013 8:32 AM
> To: cloudstack-dev@incubator.apache.org; Animesh Chaturvedi
> Subject: Re: [DISCUSS] Support for Intel TXT technology
> 
> On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
> <an...@citrix.com> wrote:
> > This came in as I was following up on  action item from IRC today. This
> feature is something that has already been developed before ACS 4.0 and
> processes were formalized and also had been demonstrated in public forms
> such as in Intel Developers Forum last Sept but somehow missed getting
> filed. Can we consider it as an exception and take it for 4.1.  I understand we
> are few days past cutoff,  I will ensure we are more diligent in future.
> >
> > Animesh
> 
> Just to close the loop on this.  I'm not sure that this is even progressing
> enough to make it in by out feature freeze date (if it is, it's not visible to the
> rest of the community).  Is the request to include it in 4.1.0 a moot point?
> 
[Animesh>] Yes Chip we can move it out of 4.1 Devdeep is still wrapping up on some of his other tasks

Re: [DISCUSS] Support for Intel TXT technology

[Chip Childers <ch...@sungard.com>]

On Wed, Jan 9, 2013 at 3:37 PM, Animesh Chaturvedi
<an...@citrix.com> wrote:
> This came in as I was following up on  action item from IRC today. This feature is something that has already been developed before ACS 4.0 and processes were formalized and also had been demonstrated in public forms such as in Intel Developers Forum last Sept but somehow missed getting filed. Can we consider it as an exception and take it for 4.1.  I understand we are few days past cutoff,  I will ensure we are more diligent in future.
>
> Animesh

Just to close the loop on this.  I'm not sure that this is even
progressing enough to make it in by out feature freeze date (if it is,
it's not visible to the rest of the community).  Is the request to
include it in 4.1.0 a moot point?

>> -----Original Message-----
>> From: David Nalley [mailto:david@gnsa.us]
>> Sent: Wednesday, January 09, 2013 11:46 AM
>> To: cloudstack-dev@incubator.apache.org
>> Cc: cloudstack-users@incubator.apache.org
>> Subject: Re: [DISCUSS] Support for Intel TXT technology
>>
>> On Wed, Jan 9, 2013 at 2:40 PM, Hari Kannan <ha...@citrix.com> wrote:
>> >
>> > Hello All,
>> >
>> > I wish to propose Support for Intel TXT for Cloud Use cases - I have
>> > added some details here
>> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+Int
>> > el+TXT+Technology
>> >
>> > along with a JIRA ticket
>> > https://issues.apache.org/jira/browse/CLOUDSTACK-939
>> >
>> > Please review and comment
>> >
>> > Hari Kannan
>>
>> I've commented on the ticket. This has come in after our agreed proposal
>> deadline, so I've changed the targeted version to Future.
>>
>> --David
>

RE: [DISCUSS] Support for Intel TXT technology

[Animesh Chaturvedi <an...@citrix.com>]

This came in as I was following up on  action item from IRC today. This feature is something that has already been developed before ACS 4.0 and processes were formalized and also had been demonstrated in public forms such as in Intel Developers Forum last Sept but somehow missed getting filed. Can we consider it as an exception and take it for 4.1.  I understand we are few days past cutoff,  I will ensure we are more diligent in future. 

Animesh
> -----Original Message-----
> From: David Nalley [mailto:david@gnsa.us]
> Sent: Wednesday, January 09, 2013 11:46 AM
> To: cloudstack-dev@incubator.apache.org
> Cc: cloudstack-users@incubator.apache.org
> Subject: Re: [DISCUSS] Support for Intel TXT technology
> 
> On Wed, Jan 9, 2013 at 2:40 PM, Hari Kannan <ha...@citrix.com> wrote:
> >
> > Hello All,
> >
> > I wish to propose Support for Intel TXT for Cloud Use cases - I have
> > added some details here
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+Int
> > el+TXT+Technology
> >
> > along with a JIRA ticket
> > https://issues.apache.org/jira/browse/CLOUDSTACK-939
> >
> > Please review and comment
> >
> > Hari Kannan
> 
> I've commented on the ticket. This has come in after our agreed proposal
> deadline, so I've changed the targeted version to Future.
> 
> --David

RE: [DISCUSS] Support for Intel TXT technology

[Animesh Chaturvedi <an...@citrix.com>]

This came in as I was following up on  action item from IRC today. This feature is something that has already been developed before ACS 4.0 and processes were formalized and also had been demonstrated in public forms such as in Intel Developers Forum last Sept but somehow missed getting filed. Can we consider it as an exception and take it for 4.1.  I understand we are few days past cutoff,  I will ensure we are more diligent in future. 

Animesh
> -----Original Message-----
> From: David Nalley [mailto:david@gnsa.us]
> Sent: Wednesday, January 09, 2013 11:46 AM
> To: cloudstack-dev@incubator.apache.org
> Cc: cloudstack-users@incubator.apache.org
> Subject: Re: [DISCUSS] Support for Intel TXT technology
> 
> On Wed, Jan 9, 2013 at 2:40 PM, Hari Kannan <ha...@citrix.com> wrote:
> >
> > Hello All,
> >
> > I wish to propose Support for Intel TXT for Cloud Use cases - I have
> > added some details here
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+Int
> > el+TXT+Technology
> >
> > along with a JIRA ticket
> > https://issues.apache.org/jira/browse/CLOUDSTACK-939
> >
> > Please review and comment
> >
> > Hari Kannan
> 
> I've commented on the ticket. This has come in after our agreed proposal
> deadline, so I've changed the targeted version to Future.
> 
> --David

Re: [DISCUSS] Support for Intel TXT technology

[David Nalley <da...@gnsa.us>]

On Wed, Jan 9, 2013 at 2:40 PM, Hari Kannan <ha...@citrix.com> wrote:
>
> Hello All,
>
> I wish to propose Support for Intel TXT for Cloud Use cases - I have added some details here https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+Intel+TXT+Technology
>
> along with a JIRA ticket https://issues.apache.org/jira/browse/CLOUDSTACK-939
>
> Please review and comment
>
> Hari Kannan

I've commented on the ticket. This has come in after our agreed
proposal deadline, so I've changed the targeted version to Future.

--David

Re: [DISCUSS] Support for Intel TXT technology

[David Nalley <da...@gnsa.us>]

On Wed, Jan 9, 2013 at 2:40 PM, Hari Kannan <ha...@citrix.com> wrote:
>
> Hello All,
>
> I wish to propose Support for Intel TXT for Cloud Use cases - I have added some details here https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+Intel+TXT+Technology
>
> along with a JIRA ticket https://issues.apache.org/jira/browse/CLOUDSTACK-939
>
> Please review and comment
>
> Hari Kannan

I've commented on the ticket. This has come in after our agreed
proposal deadline, so I've changed the targeted version to Future.

--David

Re: [DISCUSS] Support for Intel TXT technology

[Chip Childers <ch...@sungard.com>]

On Wed, Jan 9, 2013 at 2:40 PM, Hari Kannan <ha...@citrix.com> wrote:
>
> Hello All,
>
> I wish to propose Support for Intel TXT for Cloud Use cases - I have added some details here https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+Intel+TXT+Technology
>
> along with a JIRA ticket https://issues.apache.org/jira/browse/CLOUDSTACK-939
>
> Please review and comment
>
> Hari Kannan
>

Let's set the fix version to Future please.