[openstack-dev] any blueprints for encrypt/decrypt of volumes?

Bhandaru, Malini K malini.k.bhandaru at intel.com
Wed Nov 14 22:33:37 UTC 2012


Hello All!

Do we have any blueprints for encrypt/decrypt of volumes in OpenStack/Cinder?
Any pointers to work that is already in progress? Players?

Would there be interest in having such a feature in Cinder out of the box?


Intel hardware has special instructions, AES-NI, for speedy encrypt/decrypt, and open source libraries
to speed encrypt/decrypt for data at rest.

http://download.intel.com/design/intarch/PAPERS/324310.pdf

http://www.truecrypt.org/docs/?s=hardware-acceleration

Some initial thoughts:

1) Extend API to request for encryption
2) Save keys as part of user's authorization token (encrypted)
3) During volume creation request for a machine with encryption support
       Hardware
       Software (default)
   (could be along the lines of Instance creation extra spec on a trusted host)
4) Explore industry best of breed (Ceph, Zadara, NetApp, Nexenta ..) to offer an API that is open and useable across the board

Regards
Malini





