
Management Information Base for Virtual Machines Controlled by a Hypervisor
draft-ietf-opsawg-vmm-mib-01

The information below is for an old version of the document.
This is an older version of an Internet-Draft that was ultimately published as RFC 7666.
Authors: Hirochika Asai, Michael MacFaden, Jürgen Schönwälder, Keiichi Shima, Tina Tsou (Ting ZOU)
Last updated: 2014-07-04
Replaces: draft-asai-vmm-mib
RFC stream: Internet Engineering Task Force (IETF)
WG state: WG Document
IESG state: Became RFC 7666 (Proposed Standard)
Transport Layer Security                                 D. Harkins, Ed.
Internet-Draft                                             HP Enterprise
Intended status: Informational                           August 28, 2017
Expires: March 1, 2018

    Secure Password Ciphersuites for Transport Layer Security (TLS)
                     draft-harkins-tls-dragonfly-02

Abstract

   This memo defines several new ciphersuites for the Transport Layer
   Security (TLS) protocol to support certificate-less, secure
   authentication using only a simple, low-entropy, password.  The
   exchange is called TLS-PWD.  The ciphersuites are all based on an
   authentication and key exchange protocol, named "dragonfly", that is
   resistant to off-line dictionary attack.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 1, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Harkins                   Expires March 1, 2018                 [Page 1]
vmUUID,
                       vmOperState
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when a virtual machine
               has crashed.  The previous state of the virtual
               machine is indicated by the included value of
               vmOperState."
       ::= { vmNotifications 9 }

   vmBlocked NOTIFICATION-TYPE
       OBJECTS      {
                       vmName,
                       vmUUID,
                       vmOperState
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when the operational
               state of a virtual machine has been changed to
               blocked(5).  The previous state of the virtual machine is
               indicated by the included value of vmOperState."
       ::= { vmNotifications 10 }

   vmDeleted NOTIFICATION-TYPE
       OBJECTS      {
                       vmName,
                       vmUUID,
                       vmOperState,
                       vmPersistent
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when a virtual machine
               has been deleted. The prior state of the virtual
               machine is indicated by the included value of
               vmOperState."
       ::= { vmNotifications 11 }

   vmBulkRunning NOTIFICATION-TYPE
       OBJECTS      {
                       vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when the operational
               state of one or more virtual machines has been changed to

Asai, et al.             Expires January 5, 2015               [Page 39]
Internet-Draft       Virtual Machine Monitoring MIB            July 2014

               running(4) from all prior states except for
               running(4).  Management stations are encouraged to
               subsequently poll the subset of virtual machines of
               interest for vmOperState."
       ::= { vmNotifications 12 }

   vmBulkShuttingdown NOTIFICATION-TYPE
       OBJECTS      {
                      vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when the operational
               state of one or more virtual machines has been changed to
               shuttingdown(11) from a state other than
               shuttingdown(11).  Management stations are encouraged to
               subsequently poll the subset of virtual machines of
               interest for vmOperState."
       ::= { vmNotifications 13 }

   vmBulkShutdown NOTIFICATION-TYPE
       OBJECTS      {
                      vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when the operational
               state of one or more virtual machines has been changed to
               shutdown(12) from a state other than shutdown(12).
               Management stations are encouraged to subsequently poll
               the subset of virtual machines of interest for
               vmOperState."
       ::= { vmNotifications 14 }

   vmBulkPaused NOTIFICATION-TYPE
       OBJECTS      {
                       vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when the operational
               state of one or more virtual machines has been changed
               to paused(9) from a state other than paused(9).
               Management stations are encouraged to subsequently poll
               the subset of virtual machines of interest for
               vmOperState."
       ::= { vmNotifications 15 }

   vmBulkSuspending NOTIFICATION-TYPE
       OBJECTS      {
                       vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when the operational
               state of one or more virtual machines has been changed
               to suspending(6) from a state other than suspending(6).
               Management stations are encouraged to subsequently poll
               the subset of virtual machines of interest for
               vmOperState."
       ::= { vmNotifications 16 }

   vmBulkSuspended NOTIFICATION-TYPE
       OBJECTS      {
                       vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when the operational
               state of one or more virtual machines has been changed
               to suspended(7) from a state other than suspended(7).
               Management stations are encouraged to subsequently poll
               the subset of virtual machines of interest for
               vmOperState."
       ::= { vmNotifications 17 }

   vmBulkResuming NOTIFICATION-TYPE
       OBJECTS      {
                       vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when the operational
               state of one or more virtual machines has been changed
               to resuming(8) from a state other than resuming(8).
               Management stations are encouraged to subsequently poll
               the subset of virtual machines of interest for
               vmOperState."
       ::= { vmNotifications 18 }

   vmBulkMigrating NOTIFICATION-TYPE
       OBJECTS      {
                       vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when the operational
               state of one or more virtual machines has been changed
               to migrating(10) from a state other than migrating(10).
               Management stations are encouraged to subsequently poll
               the subset of virtual machines of interest for
               vmOperState."
       ::= { vmNotifications 19 }

   vmBulkCrashed NOTIFICATION-TYPE
       OBJECTS      {
                       vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when one or more virtual
               machines have crashed.  Management stations are
               encouraged to subsequently poll the subset of virtual
               machines of interest for vmOperState."
       ::= { vmNotifications 20 }

   vmBulkBlocked NOTIFICATION-TYPE
       OBJECTS      {
                       vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when the operational
               state of one or more virtual machines has been changed
               to blocked(5) from a state other than blocked(5).
               Management stations are encouraged to subsequently poll
               the subset of virtual machines of interest for
               vmOperState."
       ::= { vmNotifications 21 }

   vmBulkDeleted NOTIFICATION-TYPE
       OBJECTS      {
                       vmAffectedVMs
                    }
       STATUS       current
       DESCRIPTION
               "This notification is generated when one or more virtual
               machines have been deleted.  Management stations are
               encouraged to subsequently poll the subset of virtual
               machines of interest for vmOperState."
       ::= { vmNotifications 22 }

   -- Compliance definitions:
   vmCompliances  OBJECT IDENTIFIER ::= { vmConformance 1 }

   vmGroups       OBJECT IDENTIFIER ::= { vmConformance 2 }

   vmFullCompliances MODULE-COMPLIANCE
       STATUS       current
       DESCRIPTION
               "Compliance statement for implementations supporting
               read/write access, according to the object definitions."
       MODULE     -- this module
       MANDATORY-GROUPS {
           vmHypervisorGroup,
           vmVirtualMachineGroup,
           vmCpuGroup,
           vmCpuAffinityGroup,
           vmStorageGroup,
           vmNetworkGroup
       }
       GROUP  vmPerVMNotificationOptionalGroup
       DESCRIPTION
               "Support for per-VM notifications is optional.  If not
               implemented then vmPerVMNotificationsEnabled must report
               false(2)."
       GROUP  vmBulkNotificationsVariablesGroup
       DESCRIPTION
               "Necessary only if vmBulkNotificationOptionalGroup is
               implemented, since the bulk notifications carry
               vmAffectedVMs."
       GROUP  vmBulkNotificationOptionalGroup
       DESCRIPTION
               "Support for bulk notifications is optional.  If not
               implemented then vmBulkNotificationsEnabled must report
               false(2)."

       ::= { vmCompliances 1 }

   vmReadOnlyCompliances MODULE-COMPLIANCE
       STATUS       current
       DESCRIPTION
               "Compliance statement for implementations supporting
               only readonly access."
       MODULE     -- this module
       MANDATORY-GROUPS {
           vmHypervisorGroup,
           vmVirtualMachineGroup,
           vmCpuGroup,
           vmCpuAffinityGroup,
           vmStorageGroup,
           vmNetworkGroup
       }

       OBJECT vmPerVMNotificationsEnabled
       MIN-ACCESS   read-only
       DESCRIPTION
               "Write access is not required."

       OBJECT vmBulkNotificationsEnabled
       MIN-ACCESS   read-only
       DESCRIPTION
               "Write access is not required."
       ::= { vmCompliances 2 }

   vmHypervisorGroup OBJECT-GROUP
       OBJECTS {
           vmHvSoftware,
           vmHvVersion,
           vmHvObjectID,
           vmHvUpTime,
           vmNumber,
           vmTableLastChange,
           vmPerVMNotificationsEnabled,
           vmBulkNotificationsEnabled
       }
       STATUS       current
       DESCRIPTION
               "A collection of objects providing insight into the
               hypervisor itself."
       ::= { vmGroups 1 }

   vmVirtualMachineGroup OBJECT-GROUP
       OBJECTS {
           -- vmIndex
           vmName,
           vmUUID,
           vmOSType,
           vmAdminState,
           vmOperState,
           vmAutoStart,
           vmPersistent,
           vmCurCpuNumber,
           vmMinCpuNumber,
           vmMaxCpuNumber,
           vmMemUnit,
           vmCurMem,
           vmMinMem,
           vmMaxMem,
           vmUpTime,
           vmCpuTime
       }

       STATUS       current
       DESCRIPTION
Internet-Draft                TLS Password                   August 2017

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Background  . . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  The Case for Certificate-less Authentication  . . . . . .   3
     1.2.  Resistance to Dictionary Attack . . . . . . . . . . . . .   3
   2.  Keyword Definitions . . . . . . . . . . . . . . . . . . . . .   4
   3.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Notation  . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.2.  Discrete Logarithm Cryptography . . . . . . . . . . . . .   5
       3.2.1.  Elliptic Curve Cryptography . . . . . . . . . . . . .   5
       3.2.2.  Finite Field Cryptography . . . . . . . . . . . . . .   6
     3.3.  Instantiating the Random Function . . . . . . . . . . . .   8
     3.4.  Passwords . . . . . . . . . . . . . . . . . . . . . . . .   8
     3.5.  Assumptions . . . . . . . . . . . . . . . . . . . . . . .   8
   4.  Specification of the TLS-PWD Handshake  . . . . . . . . . . .   9
     4.1.  Protecting the Username . . . . . . . . . . . . . . . . .  10
       4.1.1.  Construction of a Protected Username  . . . . . . . .  11
       4.1.2.  Recovery of a Protected Username  . . . . . . . . . .  12
     4.2.  Fixing the Password Element . . . . . . . . . . . . . . .  13
       4.2.1.  Computing an ECC Password Element . . . . . . . . . .  14
       4.2.2.  Computing an FFC Password Element . . . . . . . . . .  16
     4.3.  Changes to Handshake Message Contents . . . . . . . . . .  17
       4.3.1.  Client Hello Changes  . . . . . . . . . . . . . . . .  17
       4.3.2.  Server Key Exchange Changes . . . . . . . . . . . . .  18
         4.3.2.1.  Generation of ServerKeyExchange . . . . . . . . .  19
         4.3.2.2.  Processing of ServerKeyExchange . . . . . . . . .  20
       4.3.3.  Client Key Exchange Changes . . . . . . . . . . . . .  21
         4.3.3.1.  Generation of Client Key Exchange . . . . . . . .  21
         4.3.3.2.  Processing of Client Key Exchange . . . . . . . .  21
     4.4.  Computing the Premaster Secret  . . . . . . . . . . . . .  22
   5.  Ciphersuite Definition  . . . . . . . . . . . . . . . . . . .  22
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  23
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  23
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  24
   9.  Human Rights Considerations . . . . . . . . . . . . . . . . .  27
   10. Implementation Considerations . . . . . . . . . . . . . . . .  27
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  28
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  28
     11.2.  Informative References . . . . . . . . . . . . . . . . .  29
   Appendix A.  Example Exchange . . . . . . . . . . . . . . . . . .  30
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  35

1.  Background

1.1.  The Case for Certificate-less Authentication

   TLS usually uses public key certificates for authentication
   [RFC5246].  This is problematic in some cases:

   o  Frequently, TLS [RFC5246] is used in devices owned, operated, and
      provisioned by people who lack competency to properly use
      certificates and merely want to establish a secure connection
      using a more natural credential like a simple password.  The
      proliferation of deployments that use a self-signed server
      certificate in TLS [RFC5246] followed by a basic password exchange
      over the unauthenticated channel underscores this case.

   o  The alternatives to TLS-PWD for employing certificate-less TLS
      authentication-- using pre-shared keys in an exchange that is
      susceptible to dictionary attack, or using an SRP exchange that
      requires users to, a priori, be fixed to a specific finite field
      cryptography group for all subsequent connections-- are not
      acceptable for modern applications that require both security and
      cryptographic agility.

   o  A password is a more natural credential than a certificate (from
      early childhood people learn the semantics of a shared secret), so
      a password-based TLS ciphersuite can be used to protect an HTTP-
      based certificate enrollment scheme like EST [RFC7030] to parlay a
      simple password into a certificate for subsequent use with any
      certificate-based authentication protocol.  This addresses a
      significant "chicken-and-egg" dilemma found with certificate-only
      use of [RFC5246].

   o  Some PIN-code readers will transfer the entered PIN to a smart
      card in clear text.  Assuming a hostile environment, this is a bad
      practice.  A password-based TLS ciphersuite can enable the
      establishment of an authenticated connection between reader and
      card based on the PIN.

1.2.  Resistance to Dictionary Attack

   It is a common misconception that a protocol that authenticates with
   a shared and secret credential is resistant to dictionary attack if
   the credential is assumed to be an N-bit uniformly random secret,
   where N is sufficiently large.  The concept of resistance to
   dictionary attack really has nothing to do with whether that secret
   can be found in a standard collection of a language's defined words
   (i.e. a dictionary).  It has to do with how an adversary gains an
   advantage in attacking the protocol.

   For a protocol to be resistant to dictionary attack any advantage an
   adversary can gain must be a function of the amount of interactions
   she makes with an honest protocol participant and not a function of
   the amount of computation she uses.  This means that the adversary
   will not be able to obtain any information about the password except
   whether a single guess from a single protocol run which she took part
   in is correct or incorrect.

   It is assumed that the attacker has access to a pool of data from
   which the secret was drawn-- it could be all numbers between 1 and
   2^N, it could be all defined words in a dictionary.  The key is that
   the attacker cannot do an attack and then go off-line and enumerate
   through the pool trying potential secrets (computation) to see if one
   is correct.  She must do an active attack for each secret she wishes
   to try (interaction) and the only information she can glean from that
   attack is whether the secret used with that particular attack is
   correct or not.

2.  Keyword Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.  Introduction

3.1.  Notation

   The following notation is used in this memo:

   password
       a secret, and potentially low-entropy word, phrase, code or key
       used as a credential for authentication.  The password is shared
       between the TLS client and TLS server.

   y = H(x)
       a binary string of arbitrary length, x, is given to a function H
       which produces a fixed-length output, y.

   a | b
       denotes concatenation of string a with string b.

   [a]b
       indicates a string consisting of the single bit "a" repeated "b"
       times.

   x mod y
       indicates the remainder of division of x by y.  The result will
       be between 0 (inclusive) and y (exclusive).

   len(x)
       indicates the length in bits of the string x.

   lgr(a,b)
       takes "a" and a prime, b, and returns the Legendre symbol (a/b).

   LSB(x)
       returns the least-significant bit of the bitstring "x".

   G.x
       indicates the x-coordinate of a point, G, on an elliptic curve.

3.2.  Discrete Logarithm Cryptography

   The ciphersuites defined in this memo use discrete logarithm
   cryptography (see [SP800-56A]) to produce an authenticated and shared
   secret value that is an element in a group defined by a set of domain
   parameters.  The domain parameters can be based on either Finite
   Field Cryptography (FFC) or Elliptic Curve Cryptography (ECC).

   Elements in a group, either an FFC or ECC group, are indicated using
   upper-case while scalar values are indicated using lower-case.

3.2.1.  Elliptic Curve Cryptography

   The authenticated key exchange defined in this memo uses fundamental
   algorithms of elliptic curves defined over GF(p) as described in
   [RFC6090].  Ciphersuites defined in this memo SHALL only use ECC
   curves based on the Weierstrass equation y^2 = x^3 + a*x + b.

   Domain parameters for the ECC groups used by this memo are:

   o  A prime, p, determining a prime field GF(p).  The cryptographic
      group will be a subgroup of the full elliptic curve group which
      consists of points on an elliptic curve-- elements from GF(p) that
      satisfy the curve's equation-- together with the "point at
      infinity" that serves as the identity element.

   o  Elements a and b from GF(p) that define the curve's equation.  The
      point (x,y) in GF(p) x GF(p) is on the elliptic curve if and only
      if (y^2 - x^3 - a*x - b) mod p equals zero (0).

   o  A point, G, on the elliptic curve, which serves as a generator for
      the ECC group.  G is chosen such that its order, with respect to
      elliptic curve addition, is a sufficiently large prime.
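
   The notation of Section 3.1 and the domain-parameter checks of
   Section 3.2.1 worked in Python, as an added example that is not code
   from the draft.  It instantiates the curve with NIST P-256 (standard
   parameter values) and H with SHA-256; both choices, and all function
   names, are this example's own assumptions, not something the draft
   fixes at this point.  The on-curve test is the (y^2 - x^3 - a*x - b)
   mod p == 0 condition stated above, and the generator check confirms
   that n*G is the point at infinity, i.e. that G has order n.

```python
"""Section 3.1 notation and Section 3.2.1 ECC domain-parameter checks.

Added example, not from the draft.  Assumptions: H = SHA-256, curve =
NIST P-256, None represents the point at infinity, function names are
the example's own.
"""
import hashlib


def H(x: bytes) -> bytes:
    """y = H(x): arbitrary-length x to a fixed-length y (SHA-256 assumed)."""
    return hashlib.sha256(x).digest()


def concat(a: bytes, b: bytes) -> bytes:
    """a | b: concatenation of string a with string b."""
    return a + b


def repeat_bit(a: int, b: int) -> str:
    """[a]b: the single bit a repeated b times, as a bit string."""
    if a not in (0, 1):
        raise ValueError("a must be a single bit")
    return str(a) * b


def mod(x: int, y: int) -> int:
    """x mod y: remainder in [0, y), also for negative x."""
    return x % y


def bitlen(x: bytes) -> int:
    """len(x): length in bits of the string x."""
    return 8 * len(x)


def lgr(a: int, b: int) -> int:
    """Legendre symbol (a/b) for an odd prime b, via Euler's criterion:
    1 for a nonzero quadratic residue, -1 for a non-residue, 0 if b | a."""
    a %= b
    if a == 0:
        return 0
    return 1 if pow(a, (b - 1) // 2, b) == 1 else -1


def lsb(x: bytes) -> int:
    """LSB(x): least-significant bit of the bitstring x."""
    return x[-1] & 1


# NIST P-256 domain parameters: prime p, curve coefficients a and b,
# generator G, and the prime order n of G.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


def on_curve(pt) -> bool:
    """(x, y) is on the curve iff (y^2 - x^3 - a*x - b) mod p == 0.
    The point at infinity (None) is the identity and counts as on-curve."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - A * x - B) % P == 0


def add(p1, p2):
    """Affine point addition on y^2 = x^3 + a*x + b over GF(p)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # P + (-P) = point at infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k: int, pt):
    """Double-and-add scalar multiplication k*pt."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def x_coord(pt) -> int:
    """G.x: the x-coordinate of a point on the curve."""
    return pt[0]


def generator_has_order_n() -> bool:
    """G is chosen so its order is the prime n: n*G must be the identity,
    and (n-1)*G must be -G, i.e. G's reflection across the x-axis."""
    return mul(N, G) is None and mul(N - 1, G) == (G[0], (-G[1]) % P)
```

   Running the block on an untrusted peer's point is the kind of check a
   TLS implementation must do before using it: a point that fails
   on_curve() is rejected rather than fed into the exchange.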

               "A collection of objects providing insight into the
               virtual machines controlled by a hypervisor."
       ::= { vmGroups 2 }

   vmCpuGroup OBJECT-GROUP
       OBJECTS {
           -- vmCpuIndex,
           vmCpuCoreTime
       }
       STATUS       current
       DESCRIPTION
               "A collection of objects providing insight into the
               virtual machines controlled by a hypervisor."
       ::= { vmGroups 3 }

   vmCpuAffinityGroup OBJECT-GROUP
       OBJECTS {
           -- vmCpuPhysIndex,
           vmCpuAffinity
       }
       STATUS       current
       DESCRIPTION
               "A collection of objects providing insight into the
               virtual machines controlled by a hypervisor."
       ::= { vmGroups 4 }

   vmStorageGroup OBJECT-GROUP
       OBJECTS {
           -- vmStorageVmIndex,
           -- vmStorageIndex,
           vmStorageParent,
           vmStorageSourceType,
           vmStorageSourceTypeString,
           vmStorageResourceID,
           vmStorageAccess,
           vmStorageMediaType,
           vmStorageMediaTypeString,
           vmStorageSizeUnit,
           vmStorageDefinedSize,
           vmStorageAllocatedSize,
           vmStorageReadIOs,
           vmStorageWriteIOs
       }
       STATUS       current
       DESCRIPTION
               "A collection of objects providing insight into the
               virtual storage devices controlled by a hypervisor."
       ::= { vmGroups 5 }

   vmNetworkGroup OBJECT-GROUP
       OBJECTS {
           -- vmNetworkIndex,
           vmNetworkIfIndex,
           vmNetworkParent,
           vmNetworkModel,
           vmNetworkPhysAddress
       }
       STATUS       current
       DESCRIPTION
               "A collection of objects providing insight into the
               virtual network interfaces controlled by a hypervisor."
       ::= { vmGroups 6 }

   vmPerVMNotificationOptionalGroup NOTIFICATION-GROUP
       NOTIFICATIONS {
           vmRunning,
           vmShuttingdown,
           vmShutdown,
           vmPaused,
           vmSuspending,
           vmSuspended,
           vmResuming,
           vmMigrating,
           vmCrashed,
           vmBlocked,
           vmDeleted
       }
       STATUS       current
       DESCRIPTION
               "A collection of notifications for per-VM notification
               of changes to virtual machine state (vmOperState) as
               reported by a hypervisor."
       ::= { vmGroups 7 }

   vmBulkNotificationsVariablesGroup OBJECT-GROUP
       OBJECTS {
           vmAffectedVMs
       }
       STATUS       current
       DESCRIPTION
               "The variables carried by the notifications in
               vmBulkNotificationOptionalGroup."
       ::= { vmGroups 8 }

   vmBulkNotificationOptionalGroup NOTIFICATION-GROUP
       NOTIFICATIONS {
           vmBulkRunning,
           vmBulkShuttingdown,
           vmBulkShutdown,
           vmBulkPaused,
           vmBulkSuspending,
           vmBulkSuspended,
           vmBulkResuming,
           vmBulkMigrating,
           vmBulkCrashed,
           vmBulkBlocked,
           vmBulkDeleted
       }
       STATUS       current
       DESCRIPTION
               "A collection of notifications for bulk notification of
               changes to virtual machine state (vmOperState) as
               reported by a given hypervisor."
       ::= { vmGroups 9 }

   END

7.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

         Descriptor        OBJECT IDENTIFIER value
         ----------        -----------------------

         vmMIB             { mib-2 TBD }

8.  Security Considerations

   There are two objects defined in this MIB,
   vmPerVMNotificationsEnabled and vmBulkNotificationsEnabled, that have
   a MAX-ACCESS clause of read-write.  Such objects may be considered
   sensitive or vulnerable in some network environments.  The support
   for SET operations in a non-secure environment without proper
   protection can have a negative effect on the management system.  It
   is recommended that attention be given to these objects in scenarios
   that DO NOT use SNMPv3 strong security, i.e. authentication and
   encryption.  When SNMPv3 strong security is not used, these objects
   should have access of read-only, not read-write.

   There are a number of managed objects in this MIB that may contain
   sensitive information.  The objects vmHvSoftware and vmHvVersion
   list information about the hypervisor's software and version.  Some
   may wish not to disclose to others which software they are running.
   Further, an inventory of the running software and versions may be
   helpful to an attacker who hopes to exploit software bugs in certain
   applications.  Moreover, the objects in the vmTable, vmCpuTable,
   vmCpuAffinityTable, vmStorageTable and vmNetworkTable list
   information about the virtual machines and their virtual resource
   allocation.  Some may wish not to disclose to others how many and
   what virtual machines they are operating.

   It is thus important to control even GET access to these objects and
   possibly to even encrypt the values of these objects when sending
   them over the network via SNMP.  Not all versions of SNMP provide
   features for such a secure environment.

   SNMPv1 by itself is not a secure environment.  Even if the network
   itself is secure (for example by using IPsec), there is no control as
   to who on the secure network is allowed to access and GET/SET
   (read/change/create/delete) the objects in this MIB.

   It is recommended that the implementers consider the security
   features as provided by the SNMPv3 framework.  Specifically, the use
   of the User-based Security Model [RFC3414] and the View-based Access
   Control Model [RFC3415] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to an instance of this MIB, is properly
   configured to give access to the objects only to those principals
   (users) that have legitimate rights to indeed GET or SET (change/
   create/delete) them.
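
   As an added example (not part of the draft), the following Python
   encodes the two MODULE-COMPLIANCE statements of the MIB module above
   together with the Security Considerations rule for its two read-write
   objects, so that an agent's advertised capability set can be checked
   before the agent is exposed.  The group names, object names and the
   false(2) encoding are the MIB's; the capability-record layout, the
   sample agents and all function names are this example's own
   assumptions.  The requirement that vmBulkNotificationsVariablesGroup
   accompany vmBulkNotificationOptionalGroup follows from every vmBulk*
   notification listing vmAffectedVMs in its OBJECTS clause.

```python
"""Conformance and access-policy checks for the VM-MIB compliance statements.

Added example, not from the draft.  The agent capability record is an
assumed layout:
    {"groups": set of implemented group names,
     "access": {object name: "read-only" | "read-write"},
     "values": {object name: current value}}
"""

MANDATORY_GROUPS = frozenset({
    "vmHypervisorGroup", "vmVirtualMachineGroup", "vmCpuGroup",
    "vmCpuAffinityGroup", "vmStorageGroup", "vmNetworkGroup",
})

# SMIv2 TruthValue encoding used by the MIB: true(1), false(2).
TRUE, FALSE = 1, 2

# The two objects with MAX-ACCESS read-write.
RW_OBJECTS = ("vmPerVMNotificationsEnabled", "vmBulkNotificationsEnabled")

ACCESS_RANK = {"not-accessible": 0, "read-only": 1, "read-write": 2}


def check_compliance(agent: dict, read_only: bool = False) -> list:
    """Return the list of violations; an empty list means compliant.

    read_only=False checks vmFullCompliances (read/write access required),
    read_only=True checks vmReadOnlyCompliances (MIN-ACCESS read-only).
    """
    problems = []
    groups = set(agent.get("groups", ()))
    access = agent.get("access", {})
    values = agent.get("values", {})

    for g in sorted(MANDATORY_GROUPS - groups):
        problems.append("mandatory group %s not implemented" % g)

    # Per-VM notifications are optional; if the group is absent the
    # enable flag must report false(2).
    if ("vmPerVMNotificationOptionalGroup" not in groups
            and values.get("vmPerVMNotificationsEnabled") != FALSE):
        problems.append("vmPerVMNotificationsEnabled must report false(2) "
                        "when vmPerVMNotificationOptionalGroup is absent")

    # Same rule for bulk notifications.
    if ("vmBulkNotificationOptionalGroup" not in groups
            and values.get("vmBulkNotificationsEnabled") != FALSE):
        problems.append("vmBulkNotificationsEnabled must report false(2) "
                        "when vmBulkNotificationOptionalGroup is absent")

    # Every vmBulk* notification carries vmAffectedVMs, so the group that
    # defines it is required whenever bulk notifications are implemented.
    if ("vmBulkNotificationOptionalGroup" in groups
            and "vmBulkNotificationsVariablesGroup" not in groups):
        problems.append("vmBulkNotificationsVariablesGroup required by "
                        "vmBulkNotificationOptionalGroup")

    required = "read-only" if read_only else "read-write"
    for obj in RW_OBJECTS:
        have = access.get(obj, "not-accessible")
        if ACCESS_RANK.get(have, 0) < ACCESS_RANK[required]:
            problems.append("%s has %s access, %s required" % (obj, have, required))
    return problems


def recommended_access(version: str, auth: bool, priv: bool) -> str:
    """Security Considerations: expose the read-write objects as read-write
    only under SNMPv3 strong security (authentication and encryption);
    otherwise they should be read-only."""
    if version == "v3" and auth and priv:
        return "read-write"
    return "read-only"


# Constructed sample agents (not real devices).
FULL_AGENT = {
    "groups": MANDATORY_GROUPS | {"vmPerVMNotificationOptionalGroup",
                                  "vmBulkNotificationOptionalGroup",
                                  "vmBulkNotificationsVariablesGroup"},
    "access": {o: "read-write" for o in RW_OBJECTS},
    "values": {o: TRUE for o in RW_OBJECTS},
}
MINIMAL_AGENT = {
    "groups": set(MANDATORY_GROUPS),
    "access": {o: "read-only" for o in RW_OBJECTS},
    "values": {o: FALSE for o in RW_OBJECTS},
}
BROKEN_AGENT = {
    # Bulk group without its variables group; per-VM flag true without group.
    "groups": MANDATORY_GROUPS | {"vmBulkNotificationOptionalGroup"},
    "access": {o: "read-write" for o in RW_OBJECTS},
    "values": {o: TRUE for o in RW_OBJECTS},
}

if __name__ == "__main__":
    for name, agent in (("full", FULL_AGENT), ("minimal", MINIMAL_AGENT),
                        ("broken", BROKEN_AGENT)):
        print(name, "full:", check_compliance(agent),
              "read-only:", check_compliance(agent, read_only=True))
    print("v2c ->", recommended_access("v2c", False, False))
    print("v3 authPriv ->", recommended_access("v3", True, True))
```

   A read-only agent passes vmReadOnlyCompliances but fails
   vmFullCompliances on both enable objects, which is the expected
   outcome for a deployment that follows the read-only recommendation
   when SNMPv3 authentication and encryption are not in use.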

9.  Acknowledgements

   The authors would like to thank Joe Marcus Clarke, Randy Presuhn, David
   Black, Joel Jaeggli, Tom Petch, Andy Bierman, and C. M. Heard for
   providing helpful comments during the development of this
   specification.

   Juergen Schoenwaelder was partly funded by Flamingo, a Network of
   Excellence project (ICT-318488) supported by the European Commission
   under its Seventh Framework Programme.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC2790]  Waldbusser, S. and P. Grillo, "Host Resources MIB",
              RFC 2790, March 2000.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3413]  Levi, D., Meyer, P., and B. Stewart, "Simple Network
              Management Protocol (SNMP) Applications", STD 62,
              RFC 3413, December 2002.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

   [RFC3415]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
              Access Control Model (VACM) for the Simple Network
              Management Protocol (SNMP)", STD 62, RFC 3415,
              December 2002.

   [RFC3418]  Presuhn, R., "Management Information Base (MIB) for the
              Simple Network Management Protocol (SNMP)", STD 62,
              RFC 3418, December 2002.

   [RFC4122]  Leach, P., Mealling, M., and R. Salz, "A Universally
              Unique IDentifier (UUID) URN Namespace", RFC 4122,
              July 2005.

   [RFC6933]  Bierman, A., Romascanu, D., Quittek, J., and M.
              Chandramouli, "Entity MIB (Version 4)", RFC 6933,
              May 2013.

10.2.  Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

   [IEEE8021-BRIDGE-MIB]
              IEEE, "IEEE8021-BRIDGE-MIB", <http://www.ieee802.org/1/
              files/public/MIBs/IEEE8021-BRIDGE-MIB-200810150000Z.txt>.

   [IEEE8021-Q-BRIDGE-MIB]
              IEEE, "IEEE8021-Q-BRIDGE-MIB", <http://www.ieee802.org/1/
              files/public/MIBs/
              IEEE8021-Q-BRIDGE-MIB-200810150000Z.txt>.
Appendix A.  State Transition Table

   +--------------+----------------+--------------+--------------------+
   |     State    |    Change to   |  Next state  |    Notification    |
   |              |  vmAdminState  |              |                    |
   |              |     at the     |              |                    |
   |              |  hypervisor or |              |                    |
   |              |     (Event)    |              |                    |
   +--------------+----------------+--------------+--------------------+
   |   suspended  |     running    |   resuming   |    vmResuming |    |
   |              |                |              |   vmBulkResuming   |
   |              |                |              |                    |
   |  suspending  |    (suspend    |   suspended  |    vmSuspended |   |
   |              |    operation   |              |   vmBulkSuspended  |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |    running   |    suspended   |  suspending  |   vmSuspending |   |
   |              |                |              |  vmBulkSuspending  |
   |              |                |              |                    |
   |              |    shutdown    | shuttingdown |  vmShuttingdown |  |
   |              |                |              | vmBulkShuttingdown |
   |              |                |              |                    |
   |              |     destroy    |   shutdown   |    vmShutdown |    |
   |              |                |              |   vmBulkShutdown   |
   |              |                |              |                    |
   |              |  (migration to |   migrating  |    vmMigrating |   |
   |              |      other     |              |   vmBulkMigrating  |
   |              |   hypervisor   |              |                    |
   |              |   initiated)   |              |                    |
   |              |                |              |                    |
   |   resuming   |     (resume    |    running   |     vmRunning |    |
   |              |    operation   |              |    vmBulkRunning   |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |    paused    |     running    |    running   |     vmRunning |    |
   |              |                |              |    vmBulkRunning   |
   |              |                |              |                    |
   | shuttingdown |    (shutdown   |   shutdown   |    vmShutdown |    |
   |              |    operation   |              |   vmBulkShutdown   |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |   shutdown   |     running    |    running   |     vmRunning |    |
   |              |                |              |    vmBulkRunning   |
   |              |                |              |                    |
   |              | (if this state |   migrating  |    vmMigrating |   |
   |              |    entry is    |              |   vmBulkMigrating  |
   |              |  created by a  |              |                    |
   |              |    migration   |              |                    |
   |              |  operation (*) |              |                    |
   |              |                |              |                    |
   |              |    (deletion   |  (no state)  |     vmDeleted |    |
   |              |    operation   |              |    vmBulkDeleted   |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |   migrating  |   (migration   |    running   |     vmRunning |    |
   |              |   from other   |              |    vmBulkRunning   |
   |              |   hypervisor   |              |                    |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |              |  (migration to |   shutdown   |    vmShutdown |    |
   |              |      other     |              |   vmBulkShutdown   |
   |              |   hypervisor   |              |                    |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |   preparing  |  (preparation  |   shutdown   |    vmShutdown |    |
   |              |   completed)   |              |   vmBulkShutdown   |
   |              |                |              |                    |
   |    blocked   |    (blocking   |   (previous  |          -         |
   |              |    operation   |    state)    |                    |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |    crashed   |        -       |       -      |          -         |
   |              |                |              |                    |
   |     (any)    |    (blocking   |    blocked   |     vmBlocked |    |
   |              |    operation   |              |    vmBulkBlocked   |
   |              |   initiated)   |              |                    |
   |              |                |              |                    |
   |              |    (crashed)   |    crashed   |     vmCrashed |    |
   |              |                |              |    vmBulkCrashed   |
   |              |                |              |                    |
   |  (no state)  |  (preparation  |   preparing  |          -         |
   |              |   initiated)   |              |                    |
   |              |                |              |                    |
   |              |  (migrate from | shutdown (*) |    vmShutdown |    |
   |              |      other     |              |   vmBulkShutdown   |
   |              |   hypervisor   |              |                    |
   |              |   initiated)   |              |                    |
   +--------------+----------------+--------------+--------------------+

                  State transition table for vmOperState
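
   As an added example that is not part of the draft, the following
   Python encodes the vmOperState transition table above as a lookup and
   checks a constructed trace of observed state changes and
   notifications against it, reporting any step the table does not
   allow.  The trigger labels ("suspend done", "migrate out", and so
   on) are shorthand chosen here for the vmAdminState values and the
   parenthesised events; the state and notification names are the
   draft's.

```python
"""Added example, not from the draft: check observed vmOperState transitions
against Appendix A. Trigger labels and the sample trace are constructed."""

TABLE = {  # (state, trigger) -> (next state, notification base; None = "-")
    ("suspended", "running"): ("resuming", "vmResuming"),
    ("suspending", "suspend done"): ("suspended", "vmSuspended"),
    ("running", "suspended"): ("suspending", "vmSuspending"),
    ("running", "shutdown"): ("shuttingdown", "vmShuttingdown"),
    ("running", "destroy"): ("shutdown", "vmShutdown"),
    ("running", "migrate out"): ("migrating", "vmMigrating"),
    ("resuming", "resume done"): ("running", "vmRunning"),
    ("paused", "running"): ("running", "vmRunning"),
    ("shuttingdown", "shutdown done"): ("shutdown", "vmShutdown"),
    ("shutdown", "running"): ("running", "vmRunning"),
    ("shutdown", "migrate in"): ("migrating", "vmMigrating"),  # entry made by migration (*)
    ("shutdown", "delete done"): ("(no state)", "vmDeleted"),
    ("migrating", "migrate in done"): ("running", "vmRunning"),
    ("migrating", "migrate out done"): ("shutdown", "vmShutdown"),
    ("preparing", "prepare done"): ("shutdown", "vmShutdown"),
    ("blocked", "block done"): (None, None),  # next state None = the previous state
    ("(no state)", "prepare"): ("preparing", None),
    ("(no state)", "migrate in"): ("shutdown", "vmShutdown"),
}
ANY_STATE = {"block": ("blocked", "vmBlocked"), "crash": ("crashed", "vmCrashed")}

def expected(state, trigger):
    """Next state and notification the table allows, or None if unlisted."""
    return ANY_STATE.get(trigger) or TABLE.get((state, trigger))

def check_trace(trace, start="(no state)"):
    """Anomalies for observations (trigger, observed state, notification)."""
    anomalies, state, previous = [], start, None
    for trigger, observed, notif in trace:
        if (exp := expected(state, trigger)) is None:
            anomalies.append(f"{state} --{trigger}--> {observed}: not in table")
        else:
            want, base = exp[0] or previous, exp[1]  # None next state: leaving blocked
            if observed != want:
                anomalies.append(f"{state} --{trigger}--> {observed}: expected {want}")
            # either the single-VM or the vmBulk* form of the notification is fine
            if notif not in ({base, base.replace("vm", "vmBulk", 1)} if base else {None}):
                anomalies.append(f"{state} --{trigger}-->: got {notif}, expected {base or '-'}")
        previous, state = state, observed  # resynchronise on what was observed
    return anomalies

SAMPLE_TRACE = [  # constructed: create, start, block/unblock, then two bad steps
    ("prepare", "preparing", None), ("prepare done", "shutdown", "vmShutdown"),
    ("running", "running", "vmBulkRunning"), ("block", "blocked", "vmBlocked"),
    ("block done", "running", None), ("destroy", "running", "vmShutdown"),
    ("migrate out", "migrating", "vmMigrating"), ("suspended", "suspending", "vmSuspending")]
```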

Authors' Addresses

   Hirochika Asai
   The University of Tokyo
   7-3-1 Hongo
   Bunkyo-ku, Tokyo  113-8656
   JP

   Phone: +81 3 5841 6748
   Email: panda@hongo.wide.ad.jp

   Michael MacFaden
   VMware Inc.

   Email: mrm@vmware.com

   Juergen Schoenwaelder
   Jacobs University
   Campus Ring 1
   Bremen 28759
   Germany

   Email: j.schoenwaelder@jacobs-university.de

   Keiichi Shima
   IIJ Innovation Institute Inc.
   3-13 Kanda-Nishikicho
   Chiyoda-ku, Tokyo  101-0054
   JP

   Email: keiichi@iijlab.net

   Tina Tsou
   Huawei Technologies (USA)
   2330 Central Expressway
   Santa Clara  CA 95050
   USA

   Email: tina.tsou.zouting@huawei.com
   Yuji Sekiya
   The University of Tokyo
   2-11-16 Yayoi
   Bunkyo-ku, Tokyo  113-8658
   JP

   Email: sekiya@wide.ad.jp

   Cathy Zhou
   Huawei Technologies
   Bantian, Longgang District
   Shenzhen  518129
   P.R. China

   Email: cathyzhou@huawei.com

   Hiroshi Esaki
   The University of Tokyo
   7-3-1 Hongo
   Bunkyo-ku, Tokyo  113-8656
   JP

   Phone: +81 3 5841 6748
   Email: hiroshi@wide.ad.jp