[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] Vm Encrypted

James Dingwall wrote:
>>> Is it possible to encrypt a VM ? 
>> Is it just the disk you want to encrypt?  That should be no problem
>> you would need to decide if you want to do it in dom0 or the domU.
>> you do it in the dom0 then it would have an advantage of working with
>> operating systems (if you do hvm) that don't support disk encryption
>> natively.  You probably want to look at dm-crypt
>> http://www.saout.de/tikiwiki/tiki-index.php or similar.
>> James
>If one encrypts a VM, would you need to supply the decryption key 
>everytime the server reboots in order to get the VM working again?

If you encrypt at dom0 level then you would only need to supply the key
at dom0 boot.  The fact that the block device is encrypted would be
totally transparent to the domU.  If you are suggesting not having to
supply the key when the dom0 boots then what are you looking to guard
against?  I think dm-crypt can grab a decryption key from external
devices, e.g. a usb key but that would still need to be plugged in to
the server.


This message and the information contained herein is proprietary and 
confidential and subject to the Amdocs policy statement,
you may review at http://www.amdocs.com/email_disclaimer.asp

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.