[OmniOS-discuss] Encryption options
Jim Klimov
jimklimov at cos.ru
Thu Aug 3 17:07:30 UTC 2017
On August 3, 2017 5:50:32 PM GMT+02:00, Machine Man <gearboxes at outlook.com> wrote:
>Currently I have a few of deployments of OmniOS at remote sites hosing
>2 - 7 VMs per site and replicate snapshots of the VMs to a central
>server at a hosting location.
>My customers are starting to get pressure that the local and backup
>data is not encrypted at rest and its becoming critical for them to
>take on new clients.
>
>I know lofi is an option, but I don't know how replicating incremental
>snapshots is going to work and also it looks like I will have to switch
>to files for the VMs instead of using block volumes.
>
>Does KVM on IllumOS support TPM? I also cant really find any info on
>this. I dont use ZFS dedup and have no plans really either.
>
>Any feedback is appreciated.
>
>Sent from Windows Mail
Just wondering: is it an option to have an encrypted lofi in a zfs volume, as the block device for VM storage? Then it's replication of snapshots of this volume, keys not included.
For files, you can always dedicate a filesystem dataset per VM (configs, disks, etc) and snapshot/replicate that, individually.
--
Typos courtesy of K-9 Mail on my Android
More information about the OmniOS-discuss
mailing list