[PVE-User] VM encryption and high availability

Alex Chekholko alex at calicolabs.com
Fri Oct 5 19:35:47 CEST 2018


Hi,

I obviously have not tried it, but if you compile a pre-release version of
ZFS on Linux with the encryption support, then from the point of view of
PVE it should be a regular ZFS pool with regular zvols and the encryption
key will only be in the memory of your PVE server and the owner of the
iscsi storage will not be able to decrypt the data.

slightly out of date example:
https://blog.heckel.xyz/2017/01/08/zfs-encryption-openzfs-zfs-on-linux/

I think you'd start with compiling the 0.8.0 rc1:
https://github.com/zfsonlinux/zfs/tree/zfs-0.8.0-rc1

Regards,
Alex

On Fri, Oct 5, 2018 at 7:55 AM Martin LEUSCH <sce.tech at imereos.fr> wrote:

> Hi,
>
> I have a Proxmox cluster and use LVM over iSCSI as storage. As I didn't
> own the iSCSI server, I plane to encrypt some disk image to increase
> confidentiality.
>
> Firstly, I didn't found a way to encrypt iSCSI target or LVM logical
> volume and use them in Proxmox, is there a way to achieve that? What
> about ZFS over iSCSI or other configuration?
>
> An other way is to encrypt data at the guest OS level by using LUKS for
> data partition for example but my VMs need to start without any manual
> action to keep high availability on my VMs. Are there any tools that can
> help to keep LUKS keys in secure location?
>
> Any other suggestion to do encryption with Proxmox?
>
> Sincerely,
> Martin
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>


More information about the pve-user mailing list