By default, live migration memory transfer data is encrypted when transferring between source and target hosts by using an encryption cipher that is supported on both hosts. You can use the zoneadm migrate -c [cipher] command to specify a particular encryption cipher or disable encryption.
zoneadm migrate -c cipher has the following options:
Disables encryption
Lists supported ciphers on the source and target hosts.
Specifies one of the ciphers that is supported on the source and target hosts. The migrate -c list command shows the possible values.
If you do not specify a cipher, one is automatically chosen based upon support of both the source and target hosts.
Example 32 Live Migration Between Two Trusted HostsThe following example demonstrates a live migration of the kernel zone kzone1 from the source host global1 to the destination host global2. Encryption has been disabled.
global1$ zoneadm -z kzone1 migrate -c none root@global2 Password: zoneadm: zone 'kzone1': Using existing zone configuration on destination. zoneadm: zone 'kzone1': Attaching zone. zoneadm: zone 'kzone1': Booting zone in 'migrating-in' mode. zoneadm: zone 'kzone1': Checking migration compatibility. zoneadm: zone 'kzone1': Starting migration. zoneadm: zone 'kzone1': Suspending zone on source host. zoneadm: zone 'kzone1': Waiting for migration to complete. zoneadm: zone 'kzone1': Migration successful. zoneadm: zone 'kzone1': Halting and detaching zone on source host.Example 33 Confirming Cipher Compatibility Between Live Migration Source and Destination Hosts
The following example demonstrates a live migration of the kernel zone kzone1 from the source host global1 to the destination host global2. The specified cipher aes-128-cbc is not supported on the destination host.
global1$ zoneadm -z kzone1 migrate -c aes-128-cbc ssh://global2 zoneadm: zone 'kzone1': cipher aes-128-cbc not supported by destination zoneadm: zone 'kzone1': destination supports: aes-128-ccm aes-128-gcmExample 34 Listing Available Supported Ciphers on Live Migration Source and Destination Hosts
The following example lists the available supported ciphers during a live migration of the kernel zone kzone1. The zone is migrated from the source host global1 to the destination host global2.
global1$ zoneadm -z kzone1 migrate -c list root@global2 Password: source ciphers: aes-128-ccm aes-128-gcm none destination ciphers: none # echo $? 0