Cloud VM Platform Encryption (Cope, Erl)

How can VM backups, snapshots, and live migration be secured?

Problem

VM backups, snapshots and live migration create files that encapsulate the entire VM. These files can then be copied or moved outside the application that the cloud consumer controls, making them vulnerable to attacks.

Solution

Encrypted containers are provided for use and storage of the various types of VM backups and replications.

Application

A key manager is used to manage keys for encryption of the various types of VM storage that are pre-provisioned to receive backups and snapshots of consumer VMs or to receive replications and live migrations.

Pre-configured VMs encrypted with consumer controlled encryption.

Key management and the Cloud VM Platform Encryption pattern.
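
The key-manager arrangement described under Application, as an added Go sketch that is not part of the pattern catalogue. `KeyManager`, the container names and the `vm-01` id are hypothetical, and using one AES-256-GCM key per pre-provisioned container is an assumption rather than something the pattern prescribes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyManager (hypothetical): one AES-256-GCM key per pre-provisioned container.
type KeyManager map[string]cipher.AEAD

// Provision creates the key for a container such as "snapshots" or "backups".
func (km KeyManager) Provision(c string) (err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err == nil {
		block, _ := aes.NewCipher(key) // a 32-byte key is always accepted
		km[c], err = cipher.NewGCM(block)
	}
	return err
}

// Seal encrypts a VM file; container and VM id are bound as associated data.
func (km KeyManager) Seal(c, vmID string, file []byte) ([]byte, error) {
	gcm, ok := km[c]
	if !ok {
		return nil, fmt.Errorf("no key for container %q", c)
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, file, []byte(c+"/"+vmID)), nil
}

// Open decrypts a blob; wrong container, wrong VM id or altered bytes all fail.
func (km KeyManager) Open(c, vmID string, blob []byte) ([]byte, error) {
	gcm, ok := km[c]
	if !ok || len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("no key for container %q or blob too short", c)
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(c+"/"+vmID))
}

func main() {
	km := KeyManager{}
	_ = km.Provision("snapshots")
	blob, _ := km.Seal("snapshots", "vm-01", []byte("constructed snapshot bytes"))
	fmt.Println(KeyManager{}.Open("snapshots", "vm-01", blob)) // a copy taken without the keys
}
```

A blob copied out of its container stays unreadable unless the same key manager is asked to open it for the same container and VM id.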