WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] encrypted virtual machines

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] encrypted virtual machines
From: Steve Allison <xen-users@xxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Jun 2011 16:25:35 +0100
Delivery-date: Thu, 16 Jun 2011 08:27:00 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4DF9F3BF.6060900@xxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4DF9F3BF.6060900@xxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
On 16/06/2011 13:14, David Oros wrote:
Hi all,

I am looking everywhere but cannot find such a nice solution. I need to create lots of encrypted PV domUs. I find some how tos, but for such 15 domUs it will be mess.

I am using XEN 4 and LV as disk for every machine. I also tried to install HVM machine a set up encrypted disk via installation steps but actually, I can read some data from this LV under HVM encrypted machine.

Has anybody some advices?

Thanks in advance.

Regards,

The way I usually do encrypted guests is to encrypt the partition on the host, mount the encrypted volume and then create volume groups within that.

ie.
Create a raid1 array, call it /dev/md0
Encrypt this block device with truecrypt and mount it
pcreate /dev/mapper/truecrypt0 and vgcreate/lvcreate from here.

This makes the process much simpler as the encryption is at a lower level, and you can handle the guests with direct LVMs

Even if you decide not to do it this way, truecrypt created block devices in /dev/mapper so you can point your configs at that.

HTH

--
May the ping be with you ..


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>