On 08/30/2018 07:13 AM, Dag Nygren wrote:
On onsdag 29 augusti 2018 kl. 20:19:22 EEST Alvin Starr wrote:
So in this case do the VMs need to be protected from each other, or are they all inside a safe controlled network?
No, the environment is quite controlled. What needs to be achieved is that IF someone steals the image for one or several of the VMs, they will not be able to emulate the functionality on any other hardware platform.
The VMs together make up a functional setup where they are all needed. Isolation between them is not critical.
Your other option would be to use something like LUKS to encrypt the images and get the decryption keys from a remote key server. That way, if the whole computer is stolen, the thieves will not be able to start any VM without the key server.
In either case if the thieves manage to get a root account on any of the servers then they will be able to use normal copy tools to extract as much data as they desire.
A more likely scenario would be that after some time the servers get turned off because newer and shinier servers have been installed. Now somebody from Accounting sells the servers to someone to recover that last little bit of value, and nobody thinks to scrub the data.
I know this happens because I once bought a tape system that had ALL of the backups from an HMO in California.
Is this to secure one VM from another or is it being used for something like software licensing validation?
One has serious security implications; the other is just making it possible for someone to run a stupid licensing model on a virtual machine.
No licensing :-)
Best Dag