[openstack-dev] Volume Encryption

Benjamin, Bruce P. Bruce.Benjamin at jhuapl.edu
Thu Dec 20 16:52:35 UTC 2012


A blueprint/spec for encrypting volumes used by VMs is currently being implemented, and we're looking for feedback:

http://wiki.openstack.org/VolumeEncryption
https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes

This blueprint provides encryption of VM data before it's written to disk, similar to a self-encrypting drive, but the data will be encrypted in the virtualization host. The VM will see a normal block storage device. Transparently encrypting the data outside of VM control removes the potential risk posed by relying on end-users' settings.

Here are several questions to consider:

1) Does this look useful, and does the blueprint fit in with your OpenStack use cases?

2) Are there other layers of abstraction required besides the key manager (e.g. KMIP) and the block disk encryption (e.g. dmcrypt) interfaces?

3) Are there specific tests you'd recommend to augment the standard test suite?

4) Do you have any feedback about the design?

Any input is appreciated. Thanks.