Security for Migration Operations

Oracle VM Server for SPARC provides the following security features for migration operations:

  • Authentication. Because the migration operation executes on two machines, a user must be authenticated on both the source and target machines in some cases. In particular, a user other than superuser must use the LDoms Management rights profile. However, if you perform a migration with SSL certificates, users are not required to be authenticated on both the target and source machines and you cannot specify another user.

    The ldm migrate-domain command permits you to optionally specify an alternate user name for authentication on the target machine. If this alternate user name is not specified, the user name of the user who is executing the migration command is used. See Migrating and Renaming a Guest Domain. In either case, the user is prompted for a password for the target machine, unless the -p option is used to initiate a non-interactive migration. See Performing Non-Interactive Migrations.

  • Encryption. Oracle VM Server for SPARC uses SSL to encrypt migration traffic to protect sensitive data from exploitation and to eliminate the requirement for additional hardware and dedicated networks.

  • FIPS 140-2. The Logical Domains Manager respects the Oracle Solaris FIPS 140-2 system configuration when performing domain migrations. See Using a FIPS 140-2 Enabled System in Oracle Solaris 11.4.

  • Host Name Matching Semantics. The Oracle Solaris 11.4 SRU 48 OS introduces the ldmd/tls_host_match SMF property to control the strictness of host name and IP address matching semantics when validating SSL certificates.

    The default property value is false, which disables the stricter matching. To enable strict host name and IP address matching of the specified migration target against the target's certificate, set the property value to true. Then, refresh and restart the ldmd SMF service.
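
The procedure above as a shell function, run as superuser on the control domain. This is an added example, not Oracle's own code. It assumes the Logical Domains Manager service is addressed as ldoms/ldmd; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle's code): enable strict host name / IP address
# matching of the migration target against its certificate.
# Assumption: the Logical Domains Manager SMF service is ldoms/ldmd.
LDMD_SVC="ldoms/ldmd"
LDMD_PROP="ldmd/tls_host_match"

# Print the property value from the service's running configuration.
tls_host_match_value() {
    svcprop -p "$LDMD_PROP" "$LDMD_SVC" 2>/dev/null
}

# Set the property, refresh, restart, then confirm the value took effect.
# Returns 0 on success (or if already enabled), non-zero on any failure.
enable_tls_host_match() {
    if [ "$(tls_host_match_value)" = "true" ]; then
        echo "$LDMD_PROP is already true; no change made"
        return 0
    fi
    svccfg -s "$LDMD_SVC" setprop "$LDMD_PROP=true" || return 1
    svcadm refresh "$LDMD_SVC" || return 1   # publish the edited value
    svcadm restart "$LDMD_SVC" || return 1   # restart as the procedure requires
    if [ "$(tls_host_match_value)" != "true" ]; then
        # The property was introduced in Oracle Solaris 11.4 SRU 48.
        echo "$LDMD_PROP is not true after refresh; check the OS level" >&2
        return 1
    fi
    echo "$LDMD_PROP enabled"
}

# Apply only when invoked as: sh thisfile.sh --apply
case "${1:-}" in
    --apply) enable_tls_host_match ;;
esac
```

Restarting ldmd interrupts Logical Domains Manager operations that are in progress, so apply the change when no migration is running.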