Hi,
I'm aiming to deploy PVE in the next year or so in a service provider setting to provide VPSes & dedicated servers, which are really full-server-sized PVE VMs running alone on a server.
I've been thinking about how I can increase the level of security for my customers, and haven't come up with many practical solutions. For example, I can't implement LUKS-based full disk encryption because it would require either a USB thumb drive based keyfile or a password to be in the hands of the staff at the colo facility, which would defeat the purpose of the security. And buying self-encrypting disks only protects them from being read when the disk is out of the machine.
So I'm thinking that it would be good if there were a feature of PVE which allowed customers to implement password-based encryption through the API on a per-storage basis. It would put customers in control of their security through their control panel I'd be building on the website.
I don't know how difficult this would be to implement in PVE. If it's a simple thing to do, I'd consider contracting its development myself, so that it can be contributed & integrated in a future release. But someone would have to advise me as to whether it would be affordable for me to do so. I'm on an extremely tight budget, but this kind of security would be a worthwhile selling point.