Dave,
If I'm not mistaken, there is a big difference between separate queries to the
attestation server and an aggregated one?
Is it true?
Thanks,
Ofri
----- Original Message -----
From: "Itamar Heim" <iheim(a)redhat.com>
To: "Ofri Masad" <omasad(a)redhat.com>
Cc: "Oved Ourfalli" <ovedo(a)redhat.com>, "Wei D Chen"
<wei.d.chen(a)intel.com>, engine-devel(a)ovirt.org
Sent: Sunday, April 21, 2013 10:20:17 AM
Subject: Re: [Engine-devel] Design wiki page for trusted compute pools integration with
oVirt has been updated
On 04/21/2013 10:13 AM, Ofri Masad wrote:
> Hi,
> One more thing we need to think about for the second approach - aggregated
> query. On engine start we need to determine the trust state of all the
> hosts. Sending a separate query for each host will overload the
> attestation host and the network. An initial aggregated query needs to be
> sent when the engine starts.
> The same thing can happen after a management network failure and so on.
> Maybe we can run a quartz job every x minutes, checking if a large part of
> the hosts in the cluster (like 30%) are untrusted - in that case run the
> aggregated query.
Are we sure this optimization is needed?
How heavy/latent is the call to the attestation service?