Go to main content
Oracle® VM Server for SPARC 3.4 Administration Guide

Exit Print View

Updated: August 2016

Security for Migration Operations

    Oracle VM Server for SPARC provides the following security features for migration operations:

  • Authentication. Because the migration operation executes on two machines, a user must be authenticated on both the source and target machines in some cases. In particular, a user other than superuser must use the LDoms Management rights profile. However, if you perform a migration with SSL certificates, users are not required to be authenticated on both the target and source machines and you cannot specify another user.

    The ldm migrate-domain command permits you to optionally specify an alternate user name for authentication on the target machine. If this alternate user name is not specified, the user name of the user who is executing the migration command is used. See Example 56. In either case, the user is prompted for a password for the target machine, unless the –p option is used to initiate a non-interactive migration. See Performing Non-Interactive Migrations.

  • Encryption. Oracle VM Server for SPARC uses SSL to encrypt migration traffic to protect sensitive data from exploitation and to eliminate the requirement for additional hardware and dedicated networks.

    On platforms that have cryptographic units, the speed of the migration operation increases when the primary domain on the source and target machines has cryptographic units assigned. This increase in speed occurs because the SSL operations can be off-loaded to the cryptographic units.

    The speed of a migration operation is automatically improved on platforms that have cryptographic instructions in the CPU. This improvement occurs because the SSL operations can be carried out by the cryptographic instructions rather than in software.

  • FIPS 140-2. You can configure your system to perform domain migrations to use the Oracle Solaris FIPS 140-2 certified OpenSSL libraries. See FIPS 140-2 Mode for Domain Migration.