[openstack-dev] [cinder][nova]Move encryptors to os-brick
Nathan Reller
nathan.s.reller at gmail.com
Tue Nov 24 20:27:22 UTC 2015
> the cinder admin and the nova admin are ALWAYS the same people
There is interest in hybrid clouds where the Nova and Cinder services
are managed by different providers. The customer would place higher
trust in Nova because you must trust the compute service, and the
customer would place less trust in Cinder. One way to achieve this
would be to have all encryption done by Nova. Cinder would simply see
encrypted data and provide a good cheap storage solution for data.
Consider a company with sensitive data. They can run the compute nodes
themselves and offload Cinder service to some third-party service.
This way they are the only ones who can manage the machines that see
the plaintext.
-Nate
More information about the OpenStack-dev
mailing list