Return-Path: X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 24A21D0F7 for ; Sat, 20 Oct 2012 09:29:26 +0000 (UTC) Received: (qmail 24214 invoked by uid 500); 20 Oct 2012 09:29:25 -0000 Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org Received: (qmail 23756 invoked by uid 500); 20 Oct 2012 09:29:23 -0000 Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-dev@incubator.apache.org Delivered-To: mailing list cloudstack-dev@incubator.apache.org Received: (qmail 23694 invoked by uid 99); 20 Oct 2012 09:29:21 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 20 Oct 2012 09:29:21 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of ng.tuna@gmail.com designates 209.85.217.175 as permitted sender) Received: from [209.85.217.175] (HELO mail-lb0-f175.google.com) (209.85.217.175) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 20 Oct 2012 09:29:15 +0000 Received: by mail-lb0-f175.google.com with SMTP id y2so740226lbk.6 for ; Sat, 20 Oct 2012 02:28:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=lFV2brrciOHQPrSVFy2hrSQTr+2fWmhfg8nhJAczFWI=; b=K9TWaeaIYc1OPAZsI4SznjAQVVZUHsXsZGa388UQbHRzr/I5XLLs72Y6SYMqQ28NtK UhUISG6Sbzn8c3vRdFvOMeb5Q3SycrNQU3gFkymt7mWUcldy49wmvoKJWfpEHDol5+tE osfrD2YHfvx1ApVq7oO3AUVy0GFC804wlM1nsfOkQiOZF7+OakR6qnh0Hv0Qr889YBYE NjtqpcT3qTyMXM+9U+5toxCdIvIdMNeF6K6XJ4vxHPqjau8C7LEveUSxLBH6SxVgm8ZP MK7wl+ZQHq8/+jR18WPUgZG0OrQHvrqzzjXZIb2kDePZyKjftIU2x36Kq5kMVxg75UJk A2GA== MIME-Version: 1.0 Received: by 10.152.109.145 with SMTP id hs17mr3248771lab.5.1350725334563; Sat, 20 Oct 2012 02:28:54 -0700 (PDT) Received: by 10.112.22.6 with HTTP; Sat, 20 Oct 2012 02:28:54 -0700 (PDT) In-Reply-To: References: Date: Sat, 20 Oct 2012 16:28:54 +0700 Message-ID: Subject: Re: About encrypting data in CloudStack VM. From: Nguyen Anh Tu To: cloudstack-dev@incubator.apache.org Cc: "cloudstack-users@incubator.apache.org" Content-Type: multipart/alternative; boundary=bcaec54ee77cc179b804cc7a3f10 X-Virus-Checked: Checked by ClamAV on apache.org --bcaec54ee77cc179b804cc7a3f10 Content-Type: text/plain; charset=ISO-8859-1 SecureCloud is the commercial product, so I'm not willing to use it. I'd like to deploy my own solution, based on open-source. I'm considering about the flow when users interact with. Some questions: how to secure user private key? how to prevent Cloud Admin to see user data?... @Wido: LUKS is a good choice, but it doesn't support Windows. I'm using TrueCrypt, but still have many things to do. 2012/10/20 Kishore Yerrapragada > Trendmicro's secure cloud (commercial product) has done the integration > with Cloudstack to provide disk encryption. You will have an idea if you > look at that. > > Cheers > Kish. > > Kishore Yerrapragada > Citrix Systems Inc. Ph: 650 479 5325 > > > > > > > On 10/19/12 5:49 AM, "Nguyen Anh Tu" wrote: > > >Hi guys, > > > >I'm thinking about the solution to encrypt VM data (user's data in > >volumes). Who has the idea? I knew that S3 API will be integrated to CS > >4.0, but that's only an option. I'd like to deploy a private solution for > >my cloud. > > > >Thanks for any help. > > > >-- > > > >N.g.U.y.e.N.A.n.H.t.U > > -- N.g.U.y.e.N.A.n.H.t.U --bcaec54ee77cc179b804cc7a3f10--