Disk Encryption at the Service of Confidentiality

Disk encryption is an information protection technology that converts disk data into a form an intruder cannot read without the key. It is based on the AES algorithm, accelerated in hardware by the AES-NI instruction set, and keys are managed as per the KMIP 1.1 standard. All VM disk operations are encrypted on the fly; this ensures high security and reliable data protection from unauthorized access.

All file objects related to a VM—config files (VMX), snapshots, etc.—are encrypted outside the VM so that the guest OS is unable to access the encryption keys. When you move an encrypted VM, all vMotion traffic is encrypted as well.

How does VM Encryption work in Softline vCloud?

To encrypt a virtual machine, just move it to a specialized storage. To do this, select an Encrypted storage in its settings. Move the VM to a storage without the Encrypted tag to decrypt it.

When you launch a VM in an Encrypted storage, the system generates a random key, which is itself encrypted with a key stored in the key service storage (the KMS key).

After the VM is launched, vCenter receives the KMS key from the key service and sends it to the VM encryption module on the ESXi server, which uses it to unlock the VM's key on the ESXi host.

Afterward, all I/O operations are performed via the encryption module. All inbound and outbound SCSI instructions are processed transparently for a guest OS.
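The key flow described above is a form of envelope encryption: a random per-VM key protects the data, and the KMS key protects the per-VM key. The Go program below is an added example, not Softline's or VMware's code; AES-256-GCM is an assumed stand-in for both layers (the page does not name the cipher mode), and `newGCM`, `seal`, `unseal` and `newVMKey` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts data; the random nonce is stored in front of the ciphertext.
func seal(a cipher.AEAD, data []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, data, nil), nil
}

// unseal reverses seal; it fails on a wrong key or a modified blob.
func unseal(a cipher.AEAD, blob []byte) ([]byte, error) {
	if len(blob) < a.NonceSize() {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], nil)
}

// newVMKey returns a random per-VM key and its wrapped form (hypothetical helper).
func newVMKey(kms cipher.AEAD) (vmKey, wrapped []byte, err error) {
	vmKey = make([]byte, 32)
	if _, err = rand.Read(vmKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = seal(kms, vmKey)
	return vmKey, wrapped, err
}

func main() {
	kms, _ := newGCM(make([]byte, 32)) // constructed all-zero stand-in for the KMS key
	_, wrapped, _ := newVMKey(kms)
	hostKey, err := unseal(kms, wrapped) // the unlock step performed on the host
	fmt.Println(len(hostKey), err)
}
```

Only the wrapped key needs to be stored with the VM, so a copied disk or config file is unreadable without access to the KMS key.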

vMotion operation principle

vMotion is a VMware vSphere tool that moves running virtual machines from one server to another without interruptions.

This capability is powered by VM-level encryption. 256-bit encryption keys are used to send data at the moment of synchronization. As a result, when VMs are lifted and shifted, all data are transferred in encrypted form. Secure migration of VMs between hosts is ensured by exchanging one-time keys created and maintained by the vCenter server.

Disk encryption is a state-of-the-art data leak prevention mechanism. It is very simple and does not require user intervention because it encrypts data on the fly in background mode. This technology is based on high-performance encryption tools, reliable and robust algorithms. Softline is a progressive high-tech company that implements and maintains such solutions and takes full responsibility for their quality and performance. If you are interested in this service, you can reach us using the contacts below.

Vladimir Alexandrov
Head of vCloud
