VM Migration

In modern cloud architectures, VM migration, especially live VM migration, is a common feature used for load balancing, host system maintenance, and other purposes. All SEV technologies, including SEV-SNP, support VM migration, but SEV-SNP enhances the flexibility associated with this process.

In SEV and SEV-ES, VM migration was governed by a policy supplied by the guest owner. This policy specified whether the VM was migratable and, if so, to which type of systems. The AMD-SP was responsible for enforcing this migration policy by authenticating the AMD-SP on the destination machine before initiating the migration.

In SEV-SNP, the task of migration policy enforcement has been delegated to a new entity known as the Migration Agent (MA). The MA itself is an SEV-SNP VM running on the same physical system as the primary VM. During VM launch, the primary VM can optionally be associated with a running MA, and this information is present in its attestation report as the MA is part of the guest's Trusted Computing Base (TCB). Each VM can only be associated with a single MA, but a single MA can manage the migration of multiple VMs.

The MA is responsible for determining which systems the primary VM can migrate to. While the detailed architecture of the MA is beyond the scope of this document, it can implement complex migration policies using various methods.

In a typical cloud scenario, the MA itself is not migratable. Instead, a separate instance of the MA runs on each physical machine. When a VM is about to migrate, the MA on the source machine authenticates the MA on the destination machine and establishes a protected network connection. Upon successful authentication, the MA transfers the required guest information so that the guest can be reconstituted on the new machine.

It's important to note that the flexibility of the MA allows for scenarios where both the source and destination machines need not be online simultaneously. When a VM is paused, its state can be exported to its associated MA. The MA can then choose to move this state to another MA immediately for live migration or hold onto it or store it for the long term. Later, the VM can be reconstituted on the same machine or another one, as determined by the MA. This approach provides greater control and adaptability in managing VM migration in cloud environments.