XCP-ng

    Citrix Hypervisor 8.1 released

    • jtbw911 @DreDay

      @GHW @olivierlambert The Access Control lists in the DVSC instance were easily one of its most powerful and useful features. It essentially turned the DVS into an actual port-level security capable virtual switch. If it had full-featured routing, it would have been a very nifty solution to layer 3 in the virtual network space without having to run an entirely different appliance to achieve that capability. Perhaps that is something that the SDN could do at some point? (become a layer 3 capable switch with security access control)

      • olivierlambert Vates 🪐 Co-Founder CEO

        Sadly I have no DVSC knowledge myself, so it would be great if you are able to explain in a kind of simple "high level specification" (eh "doing this in the UI with a screenshot, it does that") in a Github issue for SDN plugin, we might implement it on our side 🙂

        • hitechhillbilly

          So does the removal of the DMC mean that we won't be able to over-commit memory anymore?

          Regards,
          Marty

          • DreDay @olivierlambert

            @olivierlambert said in Citrix Hypervisor 8.1 released:

            Sadly I have no DVSC knowledge myself, so it would be great if you are able to explain in a kind of simple "high level specification" (eh "doing this in the UI with a screenshot, it does that") in a Github issue for SDN plugin, we might implement it on our side 🙂

            A bit of good news is that the DVSC works out of the box with XCP-ng 8.0. Though I have not tested it in conjunction with the SDN plug-in.

            After importing the DVSC and adding it to the resource pool:
            1) Select the VM you want to apply security ACLs to
            2) Select "Access Control" and here you can create a network ACL policy to control traffic to and from the VM (by default there are no restrictions)
            3) Apply your desired network security policy to the VM

            Results
            Allows ping to 8.8.8.8 but blocks ping to 8.8.4.4 since it is not allowed in ACL policy

            Allows access to HTTP web server as defined in the VM network ACL policy and blocks access to the other

            Restricts SSH access to trusted hosts
            • olivierlambert Vates 🪐 Co-Founder CEO

              Thanks I'm pinging @BenjiReis who built the SDN plugin 🙂

              • DreDay @olivierlambert

                @olivierlambert thanks 👍

                • olivierlambert Vates 🪐 Co-Founder CEO

                  @GHW this is in our internal roadmap. So before making any promises, we'll see first if we can do a working PoC. Depending on priorities, we could target a firm answer (will it be released one day) in Q1, and if yes to the previous question, might be Q2.

                  • DreDay @olivierlambert

                    @olivierlambert Awesome and thank you for the follow-up.
