CLOUDSTACK-10333: Update docs per secure live VM migration Signed-off-by: Rohit Yadav <rohit@apache.org>

commit: c0a48d8648e71ba0e328698981aa49242ecf8844 [log] [tgz]
author: Rohit Yadav <rohit@apache.org> Tue Mar 27 14:11:48 2018 +0530
committer: Rohit Yadav <rohit@apache.org> Tue Mar 27 14:11:48 2018 +0530
tree: d150505609532683151089a094e8ea3e110ac6f4
parent: 079eac046ac9f912ca916c114f7e3a26843eb69b [diff]
diff --git a/source/hosts.rst b/source/hosts.rst
index 4ea93ee..70d8da5 100644
--- a/source/hosts.rst
+++ b/source/hosts.rst

@@ -740,3 +740,10 @@
    keystore-setup <properties file> <keystore file> <passphrase> <validity> <csr file>
 
    keystore-cert-import <properties file> <keystore file> <mode: ssh|agent> <cert file> <cert content> <ca-cert file> <ca-cert content> <private-key file> <private key content:optional>
+
+Starting 4.11.1, a KVM host is considered secured when it has its keystore and
+certificates setup for both the agent and libvirtd process. A secured host will
+only allow and initiate TLS enabled live VM migration. This requires libvirtd
+to listen on default port 16514, and the port to be allowed in the firewall
+rules. Certificate renewal (using the `provisionCertificate` API) will restart
+both the libvirtd process and agent after deploying new certificates.
commit	c0a48d8648e71ba0e328698981aa49242ecf8844	[log] [tgz]
author	Rohit Yadav <rohit@apache.org>	Tue Mar 27 14:11:48 2018 +0530
committer	Rohit Yadav <rohit@apache.org>	Tue Mar 27 14:11:48 2018 +0530
tree	d150505609532683151089a094e8ea3e110ac6f4
parent	079eac046ac9f912ca916c114f7e3a26843eb69b [diff]