[Engine-devel] Open Attestation integration with oVirt engine proposal, how to improve engine's performance?

[Chen, Wei D]

Open Attestation is a project aim to enable basic open sourced SDK with Intel TXT technology to get node's trustworthiness in a cloud usage environment. Integration Open Attestation with Ovirt will definitely provide a more secure cloud ecosystem which will give end user a choice of whether guest virtual machine need launch on a trusted host server or not. 

Initially, we want to attest the host's trustworthiness every time when every guest virtual machine launch on the host, thanks to Doron Fediuck's reminding, we just need attest the host at the first request and cache the result for subsequent requests is enough, further, we want to bring down server's response time in case of large concurrence request. To resolve/improve engine's performance, we decide to tackle this issue by caching all of node's trustworthiness while the first guest virtual machine's launching, this will take a little longer before its running. Node's trustworthiness would be stored in database or just in system memory, the value will be effective within one hour or so, of course, the period of validity could be configured, node's status need to be updated in the case of end user reboot the virtual machine and the duration exceed valid time. 

Does this acceptable and any good suggestion?

Some details can be found in this link: http://wiki.ovirt.org/Trusted_compute_pools


Best Regards,
Dave Chen