[OmniOS-discuss] Encryption options
Machine Man
gearboxes at outlook.com
Fri Aug 4 00:32:07 UTC 2017
I didn’t spend too much time researching using lofi as a block device, there isn't much info either. Now add zones to mix since the destination side is zones and no information is available.
Encryption remains this stumbling block that seems to be getting bigger and bigger every year based on requirements.
I ill have to spend ample time with lofi on my test gear and try to figure something out.
Sent from my Windows 10 phone
From: Jim Klimov<mailto:jimklimov at cos.ru>
Sent: Thursday, August 3, 2017 13:12
To: omnios-discuss at lists.omniti.com<mailto:omnios-discuss at lists.omniti.com>; Machine Man<mailto:gearboxes at outlook.com>; omnios-discuss at lists.omniti.com<mailto:omnios-discuss at lists.omniti.com>
Subject: Re: [OmniOS-discuss] Encryption options
On August 3, 2017 5:50:32 PM GMT+02:00, Machine Man <gearboxes at outlook.com> wrote:
>Currently I have a few of deployments of OmniOS at remote sites hosing
>2 - 7 VMs per site and replicate snapshots of the VMs to a central
>server at a hosting location.
>My customers are starting to get pressure that the local and backup
>data is not encrypted at rest and its becoming critical for them to
>take on new clients.
>
>I know lofi is an option, but I don't know how replicating incremental
>snapshots is going to work and also it looks like I will have to switch
>to files for the VMs instead of using block volumes.
>
>Does KVM on IllumOS support TPM? I also cant really find any info on
>this. I dont use ZFS dedup and have no plans really either.
>
>Any feedback is appreciated.
>
>Sent from Windows Mail
Just wondering: is it an option to have an encrypted lofi in a zfs volume, as the block device for VM storage? Then it's replication of snapshots of this volume, keys not included.
For files, you can always dedicate a filesystem dataset per VM (configs, disks, etc) and snapshot/replicate that, individually.
--
Typos courtesy of K-9 Mail on my Android
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omniosce.org/ml-archive/attachments/20170804/4e8ffc99/attachment.html>
More information about the OmniOS-discuss
mailing list