Thanks for the feedback. I as already planning to have a dedicated management network and had also discussed the need for some network protocol to share state information. I now feel that using a network to share state information is the right solution in our case. While xenstore looks interesting, I am hesitant to implement anything that is Xen specific at this time. I want to be able to move to KVM or "the next big thing" as simply as possible. Thanks again, David On Thu, Jul 23, 2009 at 4:53 AM, Christopher G. Stach II <cgs at ldsys.net>wrote: > ----- "R P Herrold" <herrold at centos.org> wrote: > > > The addition of a new private network segment seems like > > overkill and needless additional fragility and complexity -- > > if one to one, use a remote syslog setup (viz., over UDP); if > > one to many (domU), use a multicast sender and listeners. > > > > Run either on the existing network seqment shared by the domUs > > and dom0 already. > > It's just RAM until you add a physical interface to the bridge, and then > it's just Ethernet. It would be difficult to argue that using either is > fragile or complex. Even compared against your suggestion, the only > difference is isolation, the general rule for administrative networks. > > If the skill level involved is negative, perhaps if the person is coming > from the Device Manager space, maybe the steps of adding a bridge, a vif > entry for each VM, and configuring the interface within each VM is way too > much to handle. However, IIRC, virtual network bridges are one of the > documented Xen use cases and are entry level stuff. The cost and added risk > thereof are next to zero. Being that worried about fragility in your basic > set of capabilities is silly, unless you have evidence to the contrary. > > If the messages are used to trigger things like shutdowns, scale back > services, or be published in any way that could be dangerous (inadvertently > notifying customers/competitors/attackers that your hardware sucks or what > your system architecture looks like), you'll need to involve crypto unless > you don't care if anyone inside shuts down your VMs. syslogd would not help > in this case, but at least SNMP could. > > -- > Christopher G. Stach II > > > _______________________________________________ > CentOS-virt mailing list > CentOS-virt at centos.org > http://lists.centos.org/mailman/listinfo/centos-virt > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20090723/bd008cd5/attachment-0005.html>