Encryption, paranoia and virtual machines
Digimer
linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Fri Nov 25 17:32:36 UTC 2011
On 11/25/2011 10:33 AM, Digimer wrote:
> On 11/25/2011 10:23 AM, Neil Watson wrote:
>> Greetings,
>>
>> A somewhat theoretical situation. You are considering renting a physical
>> host and rack space. The plan being to generate a few virtual machines
>> for internet services. Getting a reliable host in a reliable data centre
>> is attractive. However, you have never been comfortable with others
>> having such close physical access to your data.
>>
>> Whole disk encryption may be a solution. Does one encrypt the physical
>> host only or the virtual hosts or both? What are the options for
>> protecting your data?
>>
>> Sincerely,
>
> Some hosts, like us, rent 1/8th racks for customers who want private,
> locked space.
>
> Setting that aside; I've taken to creating unencrypted KVM VM hosts and
> then creating encrypted LVM LVs to create the servers I care about.
> This way, I can remote boot a host machine and get SSH access, then use
> that SSH access to enter the LV's passphrase.
>
> Alternatively, I leave the LVs as-is and do full disk encryption inside
> the VM.
>
If you do the encryption inside the VM (rather than the LV backing it),
this should no longer be a concern.
--
Digimer
E-Mail: digimer-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Freenode handle: digimer
Papers and Projects: http://alteeve.com
Node Assassin: http://nodeassassin.org
"omg my singularity battery is dead again.
stupid hawking radiation." - epitron
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
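
Added example, not part of the original messages: one way to script the workflow Digimer describes (SSH to the unencrypted KVM host, enter the LV's passphrase, then start the guest). It assumes LUKS via cryptsetup and a libvirt guest managed with virsh, neither of which the thread names; the host, volume group, LV and guest names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes LUKS (cryptsetup) on the LV and a
# libvirt guest whose disk is /dev/mapper/crypt_<lv>; all names are constructed.

KVM_HOST="${KVM_HOST:-root@kvm-host.example}"   # constructed host name
VG="${VG:-vg0}"                                  # constructed volume group

# Accept only plain names: no leading dash (option injection) and no shell
# metacharacters, because the names are embedded in a remote command line.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Print the command to run on the host: open the LV unless its mapping already
# exists, and start the guest only if the mapping is available.
remote_unlock_cmd() {
    valid_name "$VG" && valid_name "$1" && valid_name "$2" || return 1
    printf '%s' "{ [ -e /dev/mapper/crypt_$1 ] || cryptsetup luksOpen /dev/$VG/$1 crypt_$1; } && virsh start $2"
}

# ssh -t allocates a terminal so cryptsetup prompts for the passphrase itself;
# it is typed over SSH and never placed in argv, a file, or shell history.
unlock_and_start() {
    cmd=$(remote_unlock_cmd "$1" "$2") || { echo "invalid LV or guest name" >&2; return 1; }
    ssh -t "$KVM_HOST" "$cmd"
}

# Usage: unlock.sh <lv> <guest>   (does nothing when run without arguments)
if [ "$#" -eq 2 ]; then
    unlock_and_start "$1" "$2"
fi
```

After a host reboot the mapping is gone, so the guest stays down until someone runs this and types the passphrase; the key material is held only in the running host's memory.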