Permalink
Browse files

added note about how the kvm ebtables protection is only possible whe…

…n there is one KVM virtual machine at a time on each VMM
  • Loading branch information...
1 parent 9d05e48 commit 0bc6e89a4dc220c060cc86e553f516f3c8a47311 @timf timf committed Dec 31, 2009
Showing with 16 additions and 0 deletions.
  1. +16 −0 docs/src/admin/quickstart.html
@@ -989,6 +989,22 @@
</p>
<p>
+ The Xen ebtables script is configured by default.
+ If you are using KVM, you must configure the "kvm-ebtables-config.sh"
+ script in two places. First in the sudo rules so that it can be invoked
+ (see workspace-control's "sudo.conf" file for details). Second, in
+ workspace-control's "networks.conf" file.
+</p>
+
+<p>
+ <b>Note:</b> currently the KVM ebtables script can only support spoofing
+ protection when there is one KVM virtual machine running at a time on
+ each VMM node (this is the most common deployment configuration for sites
+ supporting science). Nimbus' Xen support allows many guest VMs to be
+ running while also ensuring there is no MAC and IP address spoofing.
+</p>
+
+<p>
You may need to comment out any "requiretty" setting in the sudoers policy:
</p>

0 comments on commit 0bc6e89

Please sign in to comment.