Encryption in Nested Virtualization in VMs the run Proxmox

aris

Member
Mar 25, 2018
2
0
6
24
Greece
is it possible to install Proxmox and enable Nested Virtualization, and on the Nested Virtualization and have 2 Proxmox(Installation Debian Buster) VMs That both are encrypted,

---+Proxmox (on the server - (I prefer the Debian Buster installation)) [installed on Hardware]
- -|
- -+Proxmox (Nested Virtualization - Debian Buster Installation encrypted with LUKS or VeraCrypt (I prefer the LUKS)) [installed on VM]
- -+Proxmox (Nested Virtualization - Debian Buster Installation encrypted with LUKS or VeraCrypt (I prefer the LUKS)) [installed on VM]

pros:
+ informations on the server hard drives are encrypted
+ only the owners of the VM can decrypt the data *(I'm not sure for that)
+ you can remotely connect to the server and type in the password to decrypt the VM

cons:
+ if a power outage happens then the server will be not available even after start up because the encryption on the VMs
+ if a power outage happened someone needs to connect remotely to enter the password for the VMs after the power outage*(in the worst-case scenario only)(it is possible that if you type the password is not in your VM and it is a like phishing attack)(also if you remotely connecting it can happen to something like a keylogger to run)
+ if you want to start up a VM you need to type in the decryption password
+ if you want to reboot a VM you need to type in the decryption password

question:
+ data can be stored in the ram this can mean a specialist like from the government can read your data on the ram*(I'm not sure for that)

why I need that:
I want to share a server with someone else but I need to make sure I don't have access to his data and he has not access to my data,
on the same server, we both have physical access to the server, trust exists but it's not the best idea to trust someone,
yes I know their existing many CPU vulnerabilities.

we also have a small UPS, if a small power outage happened,
what sometimes happens in my region Greece they are existing power outages just for ~ milliseconds.

the big question:
is that possible is this a good idea?
do I need to know something before I do that?

Nested Virtualization

https://pve.proxmox.com/wiki/Nested_Virtualization
Install Proxmox VE on Debian Buster
https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Buster

thanks for your informations.
sorry if my English is bad
 
why I need that:
I want to share a server with someone else but I need to make sure I don't have access to his data and he has not access to my data,
on the same server, we both have physical access to the server, trust exists but it's not the best idea to trust someone,
yes I know their existing many CPU vulnerabilities.
Simply, buy a separate computer. Either there is trust or there is none. For memory encryption, you will need to look for AMD Epyc or similar.
 
  • Like
Reactions: aris

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!