Allow admins to secure libvirt by enabling TLS or SSH-based live migration. When this is enabled, the migration will also be tunneled through libvirt, so it is no longer required to open ports 49152 - 49216.
Add an agent.properties parameter allowing the admin to specify whether they want to use TLS or SSH based migration connection, then use that parameter to craft the libvirt connection used for migration.
e.g.
vm.migrate.uri.type=ssh
or
vm.migrate.uri.type=tls
additionally, support option to specify a user for ssh:
vm.migrate.ssh.user=migrateuser