When you reboot, you will be asked for the passphrase before the file system
can be mounted. Provide the passphrase and the file system will be mounted.
Now you can start up your Ubuntu guest domain as usual using a domain
configuration file.
What Just Happened?
LUKS is an extension to dm-crypt and allows us to add multiple users/passwords
(up to eight users). LUKS specifies a platform independent standard on-disk
format and facilitates interoperability among different software. It uses a partition
header to store the encryption-setup information and this enables some of the
following options:
Modifying an encrypted volume's passphrase without any re-encryption of
the data present on the volume.
Provide multiple passphrases for the same data on the volume. This enables
multiple users to have access to the volume.
The ability to transport or migrate data to different systems.
Summary
In this chapter we explored two different mechanisms for encrypting the root file
systems used by Xen guest domains:
Device mapper encryption??”A mechanism for encrypting block devices
using the cryptographic API provided by the Linux kernel.
Device mapper encryption using LUKS??”A standard format for encryption
that extends dm-crypt.
In the next chapter, we will explore the options available for the migration of live
Xen instances and the restoration of saved Xen domains.
??? ??? ??? ??? ???
Migration
In this chapter we will discuss the migration of domains from one server to another.
Pages:
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105