openstack team mailing list archive

Re: Encrypted virtual machines

 

On Thu, Apr 26, 2012 at 09:05:41AM -0700, Matt Joyce wrote:
> From a security standpoint I am curious what you see the benefit as?

Consider that you might have separate people in your data center
managing the virtualization hosts, vs the storage hosts vs the
network. As it stands today any of those groups of people can
compromise data stored in a VM disk image (assuming a network based
filesystem).

First you encrypt the disk image, so that a person with access
to the storage hosts, or network sniffing can't read any data. Then
you have a central key server that only gives out the decryption key
to Nova compute nodes when they have been explicitly authorized to
run an instance of that VM.

So now people with access to the storage hosts cannot compromise
any data. People with access to the virtualization hosts can only
compromise data if the host has been authorized to use that disk
image.

You would need to compromise the precise host the VM disk is being
used on, or compromise the key server or the management service
that schedules VMs (thus authorizing key usage on a node).

NB this is better than relying on the guest OS to do encryption,
since you can do stricter decryption key management from the
host side.

> On Thu, Apr 26, 2012 at 8:53 AM, Michael Grosser <dev@xxxxxxxxxxxxxxxxxx> wrote:
> > Hey,
> >
> > I'm following the openstack development for some time now and I was
> > wondering if there was a solution to spin up encrypted virtual machines by
> > default and if it would be a huge performance blow.
> >
> > Any ideas?

I would like to extend the libvirt driver in Nova to make use of the qcow2
encryption capabilities between libvirt & QEMU which I describe here:

  http://berrange.com/posts/2009/12/02/using-qcow2-disk-encryption-with-libvirt-in-fedora-12/

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
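
The key release policy described in the message above, as an added sketch that is not part of the original e-mail and is not Nova or libvirt code. The names `KeyServer`, `sign_grant`, `compute-07` and `img-1` are hypothetical, and the host name passed to the key server is assumed to be an identity that was already authenticated (for example by mutual TLS).

```python
import hashlib
import hmac
import json
import secrets

def sign_grant(secret, host, image_id, expires):
    """Scheduler side: authorize one host to run one image until `expires`."""
    msg = json.dumps([host, image_id, int(expires)]).encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()

class KeyServer:
    """Releases a disk key only against a valid scheduler grant."""

    def __init__(self, scheduler_secret):
        self._secret = scheduler_secret
        self._disk_keys = {}   # image_id -> key, never kept on storage hosts
        self.audit = []        # (host, image_id, outcome)

    def register_image(self, image_id):
        self._disk_keys[image_id] = secrets.token_bytes(32)

    def release_key(self, host, image_id, expires, tag, now):
        # `host` is assumed to be an authenticated identity, not a claimed one.
        expected = sign_grant(self._secret, host, image_id, expires)
        ok = (hmac.compare_digest(expected, tag)
              and now < expires
              and image_id in self._disk_keys)
        self.audit.append((host, image_id, "released" if ok else "denied"))
        return self._disk_keys[image_id] if ok else None

def demo():
    """Constructed scenario: one scheduled host, one other virtualization host."""
    secret = secrets.token_bytes(32)
    ks = KeyServer(secret)
    ks.register_image("img-1")
    now, exp = 1_000_000, 1_000_300
    grant = sign_grant(secret, "compute-07", "img-1", exp)
    forged = sign_grant(b"guessed-secret", "compute-12", "img-1", exp)
    def got(*args):
        return ks.release_key(*args) is not None
    return {
        "scheduled_host": got("compute-07", "img-1", exp, grant, now),
        "other_host_reuses_grant": got("compute-12", "img-1", exp, grant, now),
        "other_host_forges_grant": got("compute-12", "img-1", exp, forged, now),
        "grant_expired": got("compute-07", "img-1", exp, grant, exp + 1),
        "expiry_rewritten": got("compute-07", "img-1", exp + 3600, grant, exp + 1),
    }

if __name__ == "__main__":
    for case, released in demo().items():
        print(f"{case}: {'key released' if released else 'denied'}")
```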

