Encrypted Block Storage: Technical Walkthrough

The Volume Encryption feature in OpenStack presents a normal block storage device to the VM but encrypts the data on the virtualization host before it is written to a remote disk. This provides data confidentiality against network traffic interception, compromised storage hosts, and stolen disk drives. To the end user, the block device behaves exactly as it would when reading and writing unencrypted blocks. The feature includes a key manager interface that supports key generation and storage, and this interface allows different key managers, such as Barbican or a KMIP server, to be plugged in. This session is split into two parts: the first covers the setup of the Barbican key management service, and the second covers the configuration and use of Cinder and Nova to provide encrypted block storage.

Speakers: Jarret Raim, Joel Coffman