Storage
LVM: This is an enterprise-grade storage mechanism that makes it very
easy to resize, move, and reconfigure storage to adapt to the changing
needs of an enterprise, and is probably the most recommended production
configuration for a Xen deployment.
We also discussed some advanced storage options that are available for use with
Xen. In the next chapter, we will examine some options for encrypting root file
systems for guest domains when using Xen.
Encryption
In this chapter we will secure guest domains by encrypting their root file system.
Security is an important area of Xen, and improvements are being made to it all the time.
Encrypting the root file system for a domain provides an extra layer of security
over and above restricting physical access to the domain. You can encrypt not only
the partitions that contain the root file system, but also other partitions that the
domains use. An encrypted file system prevents any information from being available
to a malicious user who gains physical access to the system while it is not running.
The files and the data in them will appear garbled and will be practically useless. The
algorithms used provide strong encryption of the file system data.
The key thing to be aware of here is that encryption protects the data only while the
system is not running. Hackers could still access information if they gain physical
access to the system while it is running and the files in use are in a decrypted form.
So it is very important to have controls in place to restrict physical access to the
systems appropriately.