Encryption, paranoia and virtual machines
Digimer
linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Fri Nov 25 15:33:05 UTC 2011
On 11/25/2011 10:23 AM, Neil Watson wrote:
> Greetings,
>
> A somewhat theoretical situation. You are considering renting a physical
> host and rack space. The plan being to generate a few virtual machines
> for internet services. Getting a reliable host in a reliable data centre
> is attractive. However, you have never been comfortable with others
> having such close physical access to your data.
>
> Whole disk encryption may be a solution. Does one encrypt the physical
> host only or the virtual hosts or both? What are the options for
> protecting your data?
>
> Sincerely,

Some hosts, like us, rent 1/8th racks for customers who want private,
locked space.

Setting that aside, I've taken to creating unencrypted KVM VM hosts and
then creating encrypted LVM LVs to create the servers I care about.
This way, I can remote boot a host machine and get SSH access, then use
that SSH access to enter the LV's passphrase.

Alternatively, I leave the LVs as-is and do full disk encryption inside
the VM.

--
Digimer
E-Mail: digimer-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Freenode handle: digimer
Papers and Projects: http://alteeve.com
Node Assassin: http://nodeassassin.org
"omg my singularity battery is dead again.
stupid hawking radiation." - epitron
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
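
The unlock step described in the reply above, as an added example that is
not part of the original message: a script run over SSH on the unencrypted
KVM host that opens an encrypted LV and then starts the guest that lives on
it. LUKS (cryptsetup) is assumed as the encryption layer, the names vg0/web,
web_crypt and web are hypothetical, and the guest's disk is assumed to point
at /dev/mapper/web_crypt.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root on the KVM host
# after a remote reboot. All names passed in are hypothetical placeholders.

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# unlock_and_start VG/LV MAPPER DOMAIN
#   VG/LV   encrypted logical volume, e.g. vg0/web
#   MAPPER  name for the decrypted device under /dev/mapper
#   DOMAIN  libvirt guest whose disk is /dev/mapper/MAPPER (assumption)
unlock_and_start() {
    [ $# -eq 3 ] || {
        echo "usage: unlock_and_start VG/LV MAPPER DOMAIN" >&2
        return 2
    }
    dev=/dev/$1
    mapper=$2
    domain=$3

    # Stop early if the LV does not carry a LUKS header.
    run cryptsetup isLuks "$dev" || {
        echo "$dev is not a LUKS volume" >&2
        return 1
    }

    # Open the volume unless it is already mapped. cryptsetup prompts for
    # the passphrase on the SSH terminal, so it is never stored on the host.
    if [ "${DRY_RUN:-0}" = 1 ] || [ ! -e "/dev/mapper/$mapper" ]; then
        run cryptsetup open --type luks "$dev" "$mapper" || return 1
    fi

    # Boot the guest only once its backing device exists.
    run virsh start "$domain"
}

# Act only when called with the three arguments.
if [ $# -eq 3 ]; then
    unlock_and_start "$@"
fi
```

Setting DRY_RUN=1 prints the three commands without touching any device.
With either layout in the reply, the key is held in memory (host kernel or
guest) while the volume is unlocked, so the protection is for data at rest.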