I've been suggesting that automated unlocking via Clevis/Tang is a great way to provide per-VM encryption without a lot of headache.
https://www.youtube.com/watch?v=qPl5tl0QPNk


Thank you,

John Call
jcall@redhat.com


On Tue, Oct 22, 2019 at 11:34 PM Strahil <hunter86_bg@yahoo.com> wrote:

Hi,
Maybe a gluster encryption will also cover your needs in a hyper converged setup?

Best Regards,
Strahil Nikolov

On Oct 22, 2019 14:43, Sandro Bonazzola <sbonazzo@redhat.com> wrote:


Il giorno mar 22 ott 2019 alle ore 12:32 MIMMIK _ <dmarini@it.iliad.com> ha scritto:
Is there a way to get a full disk encryption on virtual disks used by VMs in oVirt?

You can use encrypted file system managed from within the VM itself if the OS support it (dm-crypt with LUKS on GNU Linux, BitLocker) which is the most secure choice on this topic.
Encrypting the storage hosting the VM disks won't help once you access the storage for booting the VM, at that point disks will be accessible without encryption.



 

Regards
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3FMGDSRBHRWYRCBFM6ZHSJQNMKGJU4NK/


--
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/6Y7JDYFGEJTDPX2SCBYUBXNWRUWVI26L/