Open Stack

I thought of some additional issues that need to be addressed:


1)      How does encryption relate to snapshots?
Is the snapshot encrypted with the same key as the volume?
Not doing so would force snapshot creation to be a very time consuming operation.
The most efficient snapshots are ZFS style where the current blocks are just frozen,
which would mean they are still encrypted. Accessing the snapshot requires access
to the key that the volume used. How will this be tracked? How do we prevent the
key from being deleted while there are snapshots that still rely on it?

2)      Is this compatible with thin provisioning of clone copies (especially for local volumes)?
Is a thinly provisioned clone copy required to use the same key as the snapshot it was
based upon?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121228/82cf48b1/attachment.html>