[openstack-dev] any blueprints for encrypt/decrypt of volumes?
Bhandaru, Malini K
malini.k.bhandaru at intel.com
Wed Nov 14 22:33:37 UTC 2012
Hello All!
Do we have any blueprints for encrypt/decrypt of volumes in OpenStack/Cinder?
Any pointers to work that is already in progress? Players?
Would there be interest in having such a feature in Cinder out of the box?
Intel hardware has special instructions, AES-NI, for speedy encrypt/decrypt, and open source libraries to speed encrypt/decrypt for data at rest.
http://download.intel.com/design/intarch/PAPERS/324310.pdf
http://www.truecrypt.org/docs/?s=hardware-acceleration
Some initial thoughts:
1) Extend API to request for encryption
2) Save keys as part of user's authorization token (encrypted)
3) During volume creation request for a machine with encryption support
   - Hardware
   - Software (default)
   (could be along the lines of Instance creation extra spec on a trusted host)
4) Explore industry best of breed (Ceph, Zadara, NetApp, Nexenta ..) to offer an API that is open and useable across the board
Regards
Malini