openstack team mailing list archive
Message #06056
Re: trusted computing and nova
> -----Original Message-----
> From: openstack-bounces+fred.yang=intel.com@xxxxxxxxxxxxxxxxxxx
> [mailto:openstack-bounces+fred.yang=intel.com@xxxxxxxxxxxxxxxxxxx] On
> Behalf Of Vishvananda Ishaya
> Sent: Friday, December 09, 2011 11:33 AM
> To: Michael Pittaro
> Cc: OpenStack Mailing List; Mark Washenberger
> Subject: Re: [Openstack] trusted computing and nova
>
> I suggested a couple alternative solutions for implementations in one
> of the reviews. Hoping to hear back from fred yang/intel on whether
> one of those solutions will work. Copied suggestions here in case
> anyone else is following along.
>
> Brian Waldon and I were discussing the possibility of a couple of
> different approaches for trusted computing which wouldn't require adding
> a separate component and scheduler.
>
> 1. add an admin api to add and remove hosts from an availability zone.
> Then the component that is verifying trust could periodically check the
> hosts and remove them from the trusted zone if they fail. The scheduler
> could just use regular availability-zone scheduling to send the hosts
> to the trusted zone.
Service providers can have a mix of trusted or non-trusted computing nodes dispatched depending on subscribers' demands. The intent is to make "trust" transparent to providers' zone setup.
>
> 2. rather than verify trust during schedule, provide an external
> service that is exposed to users where they could verify trust. They
> could basically request the trust state of an instance. The service
> would speak to nova through an admin api to discover which host the
> instance is running on and verify the trustedness of the host, and
> return "trusted" to the user if the node passes.
If I understand correctly, this approach addresses trust after the fact, once the Nova scheduler has selected and run the instance. This approach can directly impact/break subscribers' needs/data, since the instance has already been started, and would need subscribers' intervention. This is why we need to perform scanning through the scheduler.
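
The placement-time difference between the three approaches discussed in this thread (zone membership refreshed by a periodic verifier, an external post-launch trust query, and a trust check inside the scheduler), as an added Python sketch that is not part of the original messages and is not Nova code. The `Cloud` class, its method names, the host names and the attestation values are all constructed for illustration.

```python
# Constructed model: nothing here is a Nova API; hosts and results are sample data.
from dataclasses import dataclass, field

@dataclass
class Cloud:
    attested: dict                                   # host -> live attestation result
    trusted_zone: set = field(default_factory=set)   # option 1: zone membership
    placement: dict = field(default_factory=dict)    # instance -> host

    def _place(self, instance, candidates):
        if not candidates:
            raise RuntimeError("no valid host for " + instance)
        self.placement[instance] = min(candidates)   # deterministic pick
        return self.placement[instance]

    def reconcile_zone(self):
        """Option 1: periodic verifier rebuilds the trusted zone."""
        self.trusted_zone = {h for h, ok in self.attested.items() if ok}

    def schedule_by_zone(self, instance):
        """Option 1: scheduler relies on the zone as last reconciled."""
        return self._place(instance, self.trusted_zone)

    def schedule_anywhere(self, instance):
        """Option 2: scheduler ignores trust; users query it afterwards."""
        return self._place(instance, set(self.attested))

    def verify_instance(self, instance):
        """Option 2: external service reports trust of the instance's host."""
        return "trusted" if self.attested[self.placement[instance]] else "untrusted"

    def schedule_with_attestation(self, instance):
        """Reply's position: attest candidate hosts at scheduling time."""
        live = {h for h, ok in self.attested.items() if ok}
        return self._place(instance, live)

def demo():
    cloud = Cloud(attested={"node-a": True, "node-b": True, "node-c": False})
    cloud.reconcile_zone()
    cloud.attested["node-a"] = False   # node-a fails after the last zone check
    out = {}
    out["zone_host"] = cloud.schedule_by_zone("vm-1")
    out["zone_state"] = cloud.verify_instance("vm-1")
    out["external_host"] = cloud.schedule_anywhere("vm-2")
    out["external_state"] = cloud.verify_instance("vm-2")
    out["filter_host"] = cloud.schedule_with_attestation("vm-3")
    out["filter_state"] = cloud.verify_instance("vm-3")
    return out

if __name__ == "__main__":
    print(demo())
```

In this model the zone-based and external-query approaches both report "untrusted" only after the instance is already running on `node-a`, while the scheduling-time check places the instance on `node-b`.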