XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Citrix Hypervisor 8.1 released

    Scheduled Pinned Locked Moved News
    28 Posts 10 Posters 6.5k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      cg
      last edited by

      I'm not happy to see DMC dropping, but even more removal of "VSS and quiesced snapshots" is sad.
      It's probably one more step from general Hypervisor solution to VDI, as it's not really important there, but if you have DB servers etc...

      1 Reply Last reply Reply Quote 0
      • olivierlambertO Offline
        olivierlambert Vates 🪐 Co-Founder CEO
        last edited by

        @GHW It's far from the DVSC idea (iptables for the VM, Ansible etc.). Can you be more specific on exact features you liked in DVSC? (how it worked and ideally the process)

        @cg we have a solution coming for that (backup and restore with RAM)

        D 1 Reply Last reply Reply Quote 0
        • D Offline
          DreDay @olivierlambert
          last edited by DreDay

          @olivierlambert the idea of iptables for the VM, Ansible etc. were just other options I looked into as alternatives because DVSC was not my first choice option due to its limitations of only supporting IE and the "heavy" DVSC appliance

          The specific feature that I wanted to use is the "Access Control policies" to achieve something similar to AWS security groups. https://docs.citrix.com/en-us/citrix-hypervisor/vswitch-controller/virtual-network-visibility.html#set-up-access-control-policies

          jtbw911J 1 Reply Last reply Reply Quote 0
          • jtbw911J Offline
            jtbw911 @DreDay
            last edited by

            @GHW @olivierlambert The Access Control lists in the DVSC instance was easily one of its most powerful and useful features. It essentially turned the DVS into an actual port-level security capable virtual switch. If it had full-featured routing, it would have been a very nifty solution to layer 3 in the virtual network space without having to run an entirely different appliance to achieve that capability. Perhaps that is something that the SDN could do at some point? (become a layer 3 capable switch with security access control)

            1 Reply Last reply Reply Quote 0
            • olivierlambertO Offline
              olivierlambert Vates 🪐 Co-Founder CEO
              last edited by

              Sadly I have no DVSC knowledge myself, so it would be great if you are able to explain in a kind of simple "high level specification" (eh "doing this in the UI with a screenshot, it does that") in a Github issue for SDN plugin, we might implement it on our side 🙂

              D 1 Reply Last reply Reply Quote 0
              • H Offline
                hitechhillbilly
                last edited by

                So does the removal of the DMC mean that we wont be able to over-commit memory anymore?

                Regards,
                Marty

                1 Reply Last reply Reply Quote 0
                • D Offline
                  DreDay @olivierlambert
                  last edited by DreDay

                  @olivierlambert said in Citrix Hypervisor 8.1 released:

                  Sadly I have no DVSC knowledge myself, so it would be great if you are able to explain in a kind of simple "high level specification" (eh "doing this in the UI with a screenshot, it does that") in a Github issue for SDN plugin, we might implement it on our side 🙂

                  A bit of good news is that the DVSC works out of the box with XCP-ng 8.0. Though I have not tested it in conjunction with the SDN plug-in. 3bd7eaae-605c-4420-91c0-9be4619cb120-image.png

                  After importing the DVSC and adding it to the resource pool:
                  .1) Select the VM you want to apply security ACLs to
                  f4fc366e-f811-4e12-b3c2-d648ff3354ee-image.png
                  .2) Select "Access Control" and here you can create a network ACL policy to control traffic to and from the VM (by default there are no restrictions) a99beb49-eab3-44b1-9268-f41c3c40c98f-image.png
                  .3) Apply your desired network security policy to the VM c18137ec-de10-4e53-b145-5781bb801a37-image.png
                  Results
                  Allows ping to 8.8.8.8 but blocks ping to 8.8.4.4 since it is not allowed in ACL policy
                  dff6d4d1-49c6-44a2-8ac9-17c12935a55c-image.png

                  Allows access to HTTP web server as defined in the the VM network ACL policy and blocks access to the other a3c4f3ad-bc82-46d0-bbbb-6741586db76b-image.png

                  Restricts SSH access to trusted hosts
                  84dc6943-b3b8-4e48-9613-fbc8152c1843-image.png

                  7dabce6f-3481-4505-b852-59b440b0315b-image.png

                  1 Reply Last reply Reply Quote 1
                  • olivierlambertO Offline
                    olivierlambert Vates 🪐 Co-Founder CEO
                    last edited by

                    Thanks I'm pinging @BenjiReis who built the SDN plugin 🙂

                    D 1 Reply Last reply Reply Quote 1
                    • D Offline
                      DreDay @olivierlambert
                      last edited by

                      @olivierlambert thanks 👍

                      1 Reply Last reply Reply Quote 0
                      • olivierlambertO Offline
                        olivierlambert Vates 🪐 Co-Founder CEO
                        last edited by

                        @GHW this is in our internal roadmap. So before doing any promises, we'll see first if we can do a working PoC. Depending on priorities, we could target a firm answer (will it be released one day) in Q1, and if yes to the previous question, might be Q2.

                        D 1 Reply Last reply Reply Quote 1
                        • D Offline
                          DreDay @olivierlambert
                          last edited by

                          @olivierlambert Awesome and thank you for the follow-up.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post