
Volume Encryption In CloudStack

In this talk, Vladi looks at the new Volume encryption option (due in CloudStack 4.18). He presents the new ability to use encrypted root and data volumes on different storage types, the benefits and the current limitations of the implementation.

Vladimir Petrov is a QA engineer with more than 20 years of experience in the IT field. He has been using and testing Apache CloudStack for almost 3 years and currently works as a QA Engineer at ShapeBlue.

-----------------------------------------

CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.


  1. Apache CloudStack Volume encryption (Vladimir Petrov)
  2. About me
     - Living in Sofia, father of two boys
     - Software engineer in test @ShapeBlue
     - 20+ years professional experience in the IT field
     - Almost 3 years working with CloudStack on a daily basis
  3. Agenda
     - Introduction
     - Requirements
     - Details
     - Supported and unsupported operations
     - Hosts preparation
     - Service and disk offerings
     - Q&A
  4. Introduction
     - Coming in the next ACS LTS release 4.18
     - Created by Marcus Sorensen from Apple and Suresh Anaparti
     - Transparent to the guest OS
     - Both root and data volumes can be encrypted
     - Two parts implementation:
       - API/UI changes
       - Storage driver
     - First implementation phase
  5. Requirements
     - Currently only KVM hypervisor is supported
     - QEMU-EV v2.6+ is required
     - Supported storage types:
       - Local storage
       - NFS
       - PowerFlex/ScaleIO
       - Shared mountpoint
  6. Details
     - Simplifies the process of keys management
     - The passphrase is stored in the database, encrypted with the CloudStack’s standard configured DB encryption.
     - qcow2 based storage – qemu-img is used to setup the file with LUKS encryption
     - Block based storages (currently just ScaleIO) – cryptsetup utility is used to format the block device as LUKS for data disks but qemu-img is used for template copy
     - The used cipher is XTS-AES 256 which is a leading industry standard
  7. VM operations
     - Supported VM operations:
       - Start/Stop
       - Reboot
       - Reinstall
       - Expunge/recover
       - Scale up
       - Migrate running instance to another host
  8. VM operations
     - Unsupported VM operations:
       - VM Snapshot
       - Volume snapshot
       - Recurring snapshot
  9. Volume operations
     - Supported volume operations:
       - Attach/detach encrypted volume
       - Volume snapshot (stopped VM)
       - Revert to snapshot
       - Resize
       - Delete
  10. Volume operations
      - Unsupported volume operations:
        - Download volume
        - Migrate volume
        - Recurring snapshots
        - Create template from encrypted volume snapshot
        - Create volume from encrypted volume snapshot
  11. Hosts preparation
      - Install qemu-ev:
        # yum install -y qemu-kvm-common-ev-2.10.0 qemu-kvm-ev-2.10.0 qemu-img-ev-2.10.0 qemu-kvm-tools-ev-2.10.0
      - Install cryptsetup:
        # yum install cryptsetup
      - Optional: rngd (EL) or rng-tools (Ubuntu) package for better entropy
      - Restart the agent
  12. Host encryption support
      - Verify the host is properly configured
  13. Service offerings
      - Adding encryption to service offerings
  14. Disk offerings
      - Adding encryption to disk offerings
  15. Future?
      - Add support for other hypervisors
      - Support more VM/volume operations
      - More storage types support – CEPH, Linbit, StorPool?
      - Show volume encryption status
      - Support LUKS2 encryption
  16. Q&A
      - Questions?
  17. Thank you!
      - Email: vladimir.petrov@shapeblue.com
      - LinkedIn: https://www.linkedin.com/in/vladimir/
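
A host preflight for the requirements and preparation steps on slides 5 and 11, as an added example that is not part of the talk or of CloudStack. The function names are hypothetical and the sample version strings in the comments are constructed; the thresholds (QEMU 2.6+, cryptsetup required, rngd optional) are the ones stated on the slides.

```shell
#!/bin/sh
# Added example: preflight for a KVM host before it is used for encrypted volumes.
# Thresholds are the ones on the slides: QEMU 2.6+, cryptsetup present, rngd optional.
MIN_QEMU="2.6"

# Pull "X.Y[.Z]" out of `qemu-img --version` output, e.g. the constructed
# sample "qemu-img version 2.10.0(qemu-kvm-ev-2.10.0-21.el7)".
parse_qemu_version() {
    printf '%s\n' "$1" | sed -n 's/^qemu-img version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeeds when A >= B, comparing components as integers.
# A plain string comparison would rank "2.10.0" below "2.6".
version_ge() {
    va=$1; vb=$2
    for _i in 1 2 3; do
        x=${va%%.*}; y=${vb%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        # Drop the component just compared; pad with 0 when none are left.
        case $va in *.*) va=${va#*.} ;; *) va=0 ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
    done
    return 0
}

# check_qemu VERSION_OUTPUT: succeeds only for a parsable version >= MIN_QEMU.
check_qemu() {
    ver=$(parse_qemu_version "$1")
    [ -n "$ver" ] && version_ge "$ver" "$MIN_QEMU"
}

# preflight VERSION_OUTPUT: prints one line per check; fails if a required item fails.
preflight() {
    rc=0
    if check_qemu "$1"; then echo "OK    qemu-img $ver"
    else echo "FAIL  qemu-img ${ver:-not found}, need >= $MIN_QEMU"; rc=1; fi
    if command -v cryptsetup >/dev/null 2>&1; then echo "OK    cryptsetup"
    else echo "FAIL  cryptsetup not installed"; rc=1; fi
    # rngd is optional on the slides, so its absence is only a warning.
    command -v rngd >/dev/null 2>&1 || echo "WARN  rngd not found (optional, entropy)"
    return $rc
}

preflight "$(qemu-img --version 2>/dev/null)" && echo "host ready" || echo "host NOT ready"
```

Run it on each KVM host after installing the packages and before restarting the agent; a FAIL line identifies the missing prerequisite.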
