"Encrypted Block Storage: Technical Walkthrough"
By: Jarret Raim,Joel Coffman
The Volume Encryption feature in OpenStack presents a normal block storage device to the VM but encrypts the data in the virtualization host before writing to a remote disk. This provides data confidentiality against network traffic interception, compromised storage hosts, and stolen disk drives. To the end user, the block server operates exactly as it would when reading and writing unencrypted blocks. It includes a key manager interface that supports key generation and storage, and the interface allows different key managers to be supported such as Barbican or a KMIP server. This session will be split into two parts, the first covering the set up of the Barbican key management service and the second covering the configuration and use of Cinder and Nova to provide encrypted block storage.
Download The Presentation Slides