Where I work, we’re using XenServer to easily create and manage our VM. Some of our servers are quite old, and we bought new ones to replace them and we needed to migrate our VM.

Since the first architect didn’t think of setting up pools of XenServer to beneficiate from all the feature of XenServer like migrating a VM quickly from a machine to another; we had to find another way to do this.

The first idea was the migrate command but we couldn’t make it work then we thought of manually exporting the VM to a physical hard drive and doing to transfer in the data centre… quite a loss of time especially when we have a lot of VM to migrate.

One of our sysadmin then found migrate-VM, a small Perl tool that use the XenAPI RPC to trigger an export on one machine and import on the other. The basic idea is to open a socket on the export machine, read from it “the VM” and write it on a socket on the import machine.

GitHub Reposidget for WordPress

djamps / migrate-vm

This repository doesn't have description or homepage.

Issues

The major issue with the current migrate-vm is the lack of SSL for the RPC or even the transfer of the VM and also the fact that the provided binary on the author blog is only for a 32bit machine were our newer XenServer are 64 bits.

Solution

I took the time to update the script to use an SSL connection for the RPC Since all the XenServer from 6.1 (maybe older, but we tried with a 6.1) have a stunnel running to proxy SSL traffic the XenAPI service. I also added a flag to the command to make the transfer use SSL connections too.

GitHub Reposidget for WordPress

Belphemur / migrate-vm

This repository doesn't have description or homepage.

Benchmarking

With only the SSL for the RPC calls, we keep a good speed without risking our credentials to be compromised: throughput around 50Mbps on a Gbps network.

With the ssl flag activated, to make the transfer use SSL: 10 Mbps max.

As you can see, the speed get reduced by a factor of 5, this is because the perl script will take a full core just to work on the Encryption/Decryption of the SSL traffic for the transfer (which is mostly big chunk of binary).

End words

I have a pull request that should (at the moment you’re reading this post) be merged in the main repository. Also, keep in mind you can only transfer VM that aren’t running else the script will fail.