ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XenServer Disable Root

    Scheduled Pinned Locked Moved IT Discussion
    78 Posts 8 Posters 15.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said in XenServer Disable Root:

      @Dashrender said in XenServer Disable Root:

      @scottalanmiller said in XenServer Disable Root:

      @Dashrender said in XenServer Disable Root:

      So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

      Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

      AWWW - now the knowledge is coming forth.

      So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

      They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

      I'm not exactly sure what you mean by a cloud? You mean a real cloud like AWS? growing and shrinking as needed dynamically? or do you mean something like DO?

      scottalanmillerS 2 Replies Last reply Reply Quote 0
      • DashrenderD
        Dashrender @scottalanmiller
        last edited by

        @scottalanmiller said in XenServer Disable Root:

        @Dashrender said in XenServer Disable Root:

        @scottalanmiller said in XenServer Disable Root:

        @Dashrender said in XenServer Disable Root:

        So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

        Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

        AWWW - now the knowledge is coming forth.

        So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

        They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

        Not that I ever tried, but I thought VMWare with Vsphere could allow these types of users, who could admin VMs, but not change the host itself, etc.

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said in XenServer Disable Root:

          @scottalanmiller said in XenServer Disable Root:

          @Dashrender said in XenServer Disable Root:

          @scottalanmiller said in XenServer Disable Root:

          @Dashrender said in XenServer Disable Root:

          So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

          Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

          AWWW - now the knowledge is coming forth.

          So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

          They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

          I'm not exactly sure what you mean by a cloud? You mean a real cloud like AWS? growing and shrinking as needed dynamically? or do you mean something like DO?

          Both and neither. Those are hosted clouds and both do the same thing, more or less. So both are cloud and yes that's what I mean because they both do user provisioning as that is part of cloud. Neither grow or shrink really, so not sure what you mean there.

          OpenStack is the obvious choice, bolts right on to Xen.

          DashrenderD 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @Dashrender
            last edited by

            @Dashrender said in XenServer Disable Root:

            @scottalanmiller said in XenServer Disable Root:

            @Dashrender said in XenServer Disable Root:

            @scottalanmiller said in XenServer Disable Root:

            @Dashrender said in XenServer Disable Root:

            So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

            Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

            AWWW - now the knowledge is coming forth.

            So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

            They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

            Not that I ever tried, but I thought VMWare with Vsphere could allow these types of users, who could admin VMs, but not change the host itself, etc.

            They do, that's a feature there. But one that XO brings, too.

            1 Reply Last reply Reply Quote 0
            • DashrenderD
              Dashrender @scottalanmiller
              last edited by

              @scottalanmiller said in XenServer Disable Root:

              @Dashrender said in XenServer Disable Root:

              @scottalanmiller said in XenServer Disable Root:

              @Dashrender said in XenServer Disable Root:

              @scottalanmiller said in XenServer Disable Root:

              @Dashrender said in XenServer Disable Root:

              So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

              Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

              AWWW - now the knowledge is coming forth.

              So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

              They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

              I'm not exactly sure what you mean by a cloud? You mean a real cloud like AWS? growing and shrinking as needed dynamically? or do you mean something like DO?

              Both and neither. Those are hosted clouds and both do the same thing, more or less. So both are cloud and yes that's what I mean because they both do user provisioning as that is part of cloud. Neither grow or shrink really, so not sure what you mean there.

              OpenStack is the obvious choice, bolts right on to Xen.

              Yeah something like OpenStack (that's a real cloud computing, right?) the auto grow/shrink platform?

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Dashrender
                last edited by

                @Dashrender said in XenServer Disable Root:

                @scottalanmiller said in XenServer Disable Root:

                @Dashrender said in XenServer Disable Root:

                @scottalanmiller said in XenServer Disable Root:

                @Dashrender said in XenServer Disable Root:

                So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

                Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

                AWWW - now the knowledge is coming forth.

                So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

                They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

                I'm not exactly sure what you mean by a cloud? You mean a real cloud like AWS? growing and shrinking as needed dynamically? or do you mean something like DO?

                Just for general reference, I always mean the same thing when I say cloud 😉 A cloud is a specific architectural design and I always mean it literally like that. That architecture requires user management to function. so while auto-provisioning isn't needed here, it just comes along for the ride.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Dashrender
                  last edited by

                  @Dashrender said in XenServer Disable Root:

                  @scottalanmiller said in XenServer Disable Root:

                  @Dashrender said in XenServer Disable Root:

                  @scottalanmiller said in XenServer Disable Root:

                  @Dashrender said in XenServer Disable Root:

                  @scottalanmiller said in XenServer Disable Root:

                  @Dashrender said in XenServer Disable Root:

                  So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

                  Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

                  AWWW - now the knowledge is coming forth.

                  So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

                  They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

                  I'm not exactly sure what you mean by a cloud? You mean a real cloud like AWS? growing and shrinking as needed dynamically? or do you mean something like DO?

                  Both and neither. Those are hosted clouds and both do the same thing, more or less. So both are cloud and yes that's what I mean because they both do user provisioning as that is part of cloud. Neither grow or shrink really, so not sure what you mean there.

                  OpenStack is the obvious choice, bolts right on to Xen.

                  Yeah something like OpenStack (that's a real cloud computing, right?) the auto grow/shrink platform?

                  As real as it gets! But doesn't grow or shrink.

                  DashrenderD 1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @scottalanmiller
                    last edited by

                    @scottalanmiller said in XenServer Disable Root:

                    @Dashrender said in XenServer Disable Root:

                    @scottalanmiller said in XenServer Disable Root:

                    @Dashrender said in XenServer Disable Root:

                    @scottalanmiller said in XenServer Disable Root:

                    @Dashrender said in XenServer Disable Root:

                    @scottalanmiller said in XenServer Disable Root:

                    @Dashrender said in XenServer Disable Root:

                    So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

                    Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

                    AWWW - now the knowledge is coming forth.

                    So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

                    They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

                    I'm not exactly sure what you mean by a cloud? You mean a real cloud like AWS? growing and shrinking as needed dynamically? or do you mean something like DO?

                    Both and neither. Those are hosted clouds and both do the same thing, more or less. So both are cloud and yes that's what I mean because they both do user provisioning as that is part of cloud. Neither grow or shrink really, so not sure what you mean there.

                    OpenStack is the obvious choice, bolts right on to Xen.

                    Yeah something like OpenStack (that's a real cloud computing, right?) the auto grow/shrink platform?

                    As real as it gets! But doesn't grow or shrink.

                    I thought that was one of the main gains in cloud computing - the ability to bring more resources online as needed, and then turn them off (stop paying for them) when you don't?

                    coliverC scottalanmillerS 2 Replies Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender
                      last edited by

                      As for John's need -

                      @stacksofplates who are you giving access to the XS that wouldn't/shouldn't have root access to anyway? I guess today if you really need to give department level access to a VM, you do that through XO and those users, assuming those users don't exist/have permission in XC you should be good to go.

                      stacksofplatesS 1 Reply Last reply Reply Quote 0
                      • coliverC
                        coliver @Dashrender
                        last edited by

                        @Dashrender said in XenServer Disable Root:

                        @scottalanmiller said in XenServer Disable Root:

                        @Dashrender said in XenServer Disable Root:

                        @scottalanmiller said in XenServer Disable Root:

                        @Dashrender said in XenServer Disable Root:

                        @scottalanmiller said in XenServer Disable Root:

                        @Dashrender said in XenServer Disable Root:

                        @scottalanmiller said in XenServer Disable Root:

                        @Dashrender said in XenServer Disable Root:

                        So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

                        Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

                        AWWW - now the knowledge is coming forth.

                        So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

                        They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

                        I'm not exactly sure what you mean by a cloud? You mean a real cloud like AWS? growing and shrinking as needed dynamically? or do you mean something like DO?

                        Both and neither. Those are hosted clouds and both do the same thing, more or less. So both are cloud and yes that's what I mean because they both do user provisioning as that is part of cloud. Neither grow or shrink really, so not sure what you mean there.

                        OpenStack is the obvious choice, bolts right on to Xen.

                        Yeah something like OpenStack (that's a real cloud computing, right?) the auto grow/shrink platform?

                        As real as it gets! But doesn't grow or shrink.

                        I thought that was one of the main gains in cloud computing - the ability to bring more resources online as needed, and then turn them off (stop paying for them) when you don't?

                        That's not a feature of cloud computing. That's a feature of scale-out architecture... to an extent.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • stacksofplatesS
                          stacksofplates @Dashrender
                          last edited by

                          @Dashrender said in XenServer Disable Root:

                          As for John's need -

                          @stacksofplates who are you giving access to the XS that wouldn't/shouldn't have root access to anyway? I guess today if you really need to give department level access to a VM, you do that through XO and those users, assuming those users don't exist/have permission in XC you should be good to go.

                          Ya the XO users wouldn't have any XenServer permissions.

                          I'm more thinking along the lines of keeping in line with requirements/compliance issues placed on us. I've thought about it a little more and I'm sure I can pull off explaining it's the same as iLO or iDRAC. It's just I know who I have to explain this stuff to compliance wise, and it's like explaining quantum physics to a 3rd grader.

                          It's just these are the kind of people that see you can type root from your desktop and log into a machine from anywhere. So to them, that's root access, and you're going to have a really hard time explaining/changing their mind. Just something I have to deal with (which is why I was trying to find a way to disable it so I can save myself the trouble).

                          DustinB3403D 1 Reply Last reply Reply Quote 0
                          • DustinB3403D
                            DustinB3403 @stacksofplates
                            last edited by

                            @stacksofplates said in XenServer Disable Root:

                            @Dashrender said in XenServer Disable Root:

                            As for John's need -

                            @stacksofplates who are you giving access to the XS that wouldn't/shouldn't have root access to anyway? I guess today if you really need to give department level access to a VM, you do that through XO and those users, assuming those users don't exist/have permission in XC you should be good to go.

                            Ya the XO users wouldn't have any XenServer permissions.

                            I'm more thinking along the lines of keeping in line with requirements/compliance issues placed on us. I've thought about it a little more and I'm sure I can pull off explaining it's the same as iLO or iDRAC. It's just I know who I have to explain this stuff to compliance wise, and it's like explaining quantum physics to a 3rd grader.

                            It's just these are the kind of people that see you can type root from your desktop and log into a machine from anywhere. So to them, that's root access, and you're going to have a really hard time explaining/changing their mind. Just something I have to deal with (which is why I was trying to find a way to disable it so I can save myself the trouble).

                            Wouldn't the solution to the "see you type root from your desktop" be an explanation of the technology?

                            Don't get me wrong, I am totally for you doing what needs to be done, but if they don't understand the technology, how can they best determine the security around said technology?

                            1 Reply Last reply Reply Quote -1
                            • scottalanmillerS
                              scottalanmiller @Dashrender
                              last edited by

                              @Dashrender said in XenServer Disable Root:

                              @scottalanmiller said in XenServer Disable Root:

                              @Dashrender said in XenServer Disable Root:

                              @scottalanmiller said in XenServer Disable Root:

                              @Dashrender said in XenServer Disable Root:

                              @scottalanmiller said in XenServer Disable Root:

                              @Dashrender said in XenServer Disable Root:

                              @scottalanmiller said in XenServer Disable Root:

                              @Dashrender said in XenServer Disable Root:

                              So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

                              Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

                              AWWW - now the knowledge is coming forth.

                              So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

                              They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

                              I'm not exactly sure what you mean by a cloud? You mean a real cloud like AWS? growing and shrinking as needed dynamically? or do you mean something like DO?

                              Both and neither. Those are hosted clouds and both do the same thing, more or less. So both are cloud and yes that's what I mean because they both do user provisioning as that is part of cloud. Neither grow or shrink really, so not sure what you mean there.

                              OpenStack is the obvious choice, bolts right on to Xen.

                              Yeah something like OpenStack (that's a real cloud computing, right?) the auto grow/shrink platform?

                              As real as it gets! But doesn't grow or shrink.

                              I thought that was one of the main gains in cloud computing - the ability to bring more resources online as needed, and then turn them off (stop paying for them) when you don't?

                              Yes, turning things on and off isn't the same as growing and shrinking a VM. In fact, it's totally different. Nothing grows or shrinks. Resources are created and destroyed.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @coliver
                                last edited by

                                @coliver said in XenServer Disable Root:

                                @Dashrender said in XenServer Disable Root:

                                @scottalanmiller said in XenServer Disable Root:

                                @Dashrender said in XenServer Disable Root:

                                @scottalanmiller said in XenServer Disable Root:

                                @Dashrender said in XenServer Disable Root:

                                @scottalanmiller said in XenServer Disable Root:

                                @Dashrender said in XenServer Disable Root:

                                @scottalanmiller said in XenServer Disable Root:

                                @Dashrender said in XenServer Disable Root:

                                So what I'm asking - why can't you take rebooting away from an XC user? That seems like a highly short sited implementation.

                                Because XC doesn't have a user permissions system, plain and simple. XC isn't for that. XO is, OpenStack is. If you want that and you have XC, you've selected the wrong tool for the job,

                                AWWW - now the knowledge is coming forth.

                                So, pre XO, how were non admins suppose to be able to manage VMs on XS? or were they not?

                                They were not. Why would non-admins be using a system like this? If you wanted something like that why not run a cloud?

                                I'm not exactly sure what you mean by a cloud? You mean a real cloud like AWS? growing and shrinking as needed dynamically? or do you mean something like DO?

                                Both and neither. Those are hosted clouds and both do the same thing, more or less. So both are cloud and yes that's what I mean because they both do user provisioning as that is part of cloud. Neither grow or shrink really, so not sure what you mean there.

                                OpenStack is the obvious choice, bolts right on to Xen.

                                Yeah something like OpenStack (that's a real cloud computing, right?) the auto grow/shrink platform?

                                As real as it gets! But doesn't grow or shrink.

                                I thought that was one of the main gains in cloud computing - the ability to bring more resources online as needed, and then turn them off (stop paying for them) when you don't?

                                That's not a feature of cloud computing. That's a feature of scale-out architecture... to an extent.

                                It is a feature of cloud as described (turning on and off) but not as stated (growing and shrinking.)

                                1 Reply Last reply Reply Quote 0
                                • J
                                  Jason Banned @DustinB3403
                                  last edited by

                                  @DustinB3403 said in XenServer Disable Root:

                                  Then do a sweep of your network ensuring no one has XenCenter that isn't supposed to.

                                  Fail! Not installing software is not a form of access control. You can find probable exe's and ways around just about any of that.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 1
                                  • scottalanmillerS
                                    scottalanmiller @Jason
                                    last edited by

                                    @Jason said in XenServer Disable Root:

                                    @DustinB3403 said in XenServer Disable Root:

                                    Then do a sweep of your network ensuring no one has XenCenter that isn't supposed to.

                                    Fail! Not installing software is not a form of access control. You can find probable exe's and ways around just about any of that.

                                    Instead, lock down the XS machine to ensure that only the selected XO host has any kind of access to it.

                                    travisdh1T 1 Reply Last reply Reply Quote 1
                                    • travisdh1T
                                      travisdh1 @scottalanmiller
                                      last edited by

                                      @scottalanmiller said in XenServer Disable Root:

                                      @Jason said in XenServer Disable Root:

                                      @DustinB3403 said in XenServer Disable Root:

                                      Then do a sweep of your network ensuring no one has XenCenter that isn't supposed to.

                                      Fail! Not installing software is not a form of access control. You can find probable exe's and ways around just about any of that.

                                      Instead, lock down the XS machine to ensure that only the selected XO host has any kind of access to it.

                                      Gah, where was my head all day long.

                                      1 Reply Last reply Reply Quote 1
                                      • 1
                                      • 2
                                      • 3
                                      • 4
                                      • 2 / 4
                                      • First post
                                        Last post