Should partitioning be more flexible?

otdll

Jun 12, 2009
I think the Proxmox Installer should be more flexible when it comes to partitioning. I like the Debian installer's partitioning, for example.

Full Disk Encryption is becoming more important, many companies require FDE for easier disposal of old hardware and for security reasons in general. Maybe one of the developers can say a few words about this. Is it complex to integrate?

I will try to set up an encrypted Proxmox on a test machine this weekend and will report the results if they are worth it.
 
ProxVE already has 2 install routes - appliance style / using the iso installer media; and custom-style as an add-in to stock debian (this only available since version 1.2 I think).

I believe your custom partition requirements could be met with the second of these two routes. (encryption also being present if desired)

Possibly ProxVE appliance ISO installer could be customized by the development team if there are enough requests. So maybe others should post to this thread if they have opinions on the topic.

In theory such flexibility should not be 'terribly difficult' to develop / allow; although ultimately I am not sure I believe it is a big feature requirement myself / in how I see ProxVE being deployed. (just my own opinion).

Again I suspect it comes down more to a matter of "support, resources, and effort", and that the current arrangement is very straightforward; power-users can do custom / manual installs with any level of customization they are comfortable with / that meets their precise requirements; everyone else can just use the basic ISO appliance-style installer and have ProxVE installed & up and running 'quick and easy'.

As for benefits of full disk encryption: I suspect this will fall into the domain of power users/custom installs. I believe entirely there may be cases where encrypted disks make sense (dealing with very confidential data / and in cases where physical security for server deployment sites are in any shadow of doubt for example). I'm not certain that I think it makes 'good sense' to encrypt filesystems as a measure to facilitate easy disposal of servers when they are EOL; given that full disk encryption will incur penalty both in performance and in management/maintenance complexity. For 'appropriate disposal policy' - a good disk-wiper utility and well developed / adhered to security policy seems a better approach. (again, IMHO..)

Of course ProxVE may not be the layer to encrypt; it might be more appropriate to encrypt at a per-VM level (within the VMs) rather than at the level of ProxVE on bare metal. I suspect it becomes a matter of preference and requirement/context..

Anyhow. Just a few thoughts. If you do have results from your tests I am sure they will be of interest to myself and others.

And of course I think it is of use if others interested/with opinions on this topic - should also post their thoughts to this thread.


Tim


Small footnote: One site I'm helping manage, which uses ProxVE - has used "TrueCrypt" full disk / filesystem encryption at the level of VMs (KVM based Win2003 server VM) - and my feeling about this, is that it does work - but I think it has some noticeable performance hit on the VM. Not massive, but certainly noticeable from a user-experience standpoint.
 
ProxVE already has 2 install routes - appliance style / using the iso installer media; and custom-style as an add-in to stock debian (this only available since version 1.2 I think).

What I think is that when I install PVE on top of a stock Debian, I will lose the tiny footprint. It is not so "baremetal" anymore. That's why I am trying to get the encryption on an ISO-install system.

Possibly ProxVE appliance ISO installer could be customized by the development team if there are enough requests. So maybe others should post to this thread if they have opinions on the topic.

That would be interesting, since I do not know if there is a big desire for FDE.


The reason for applying the encryption "between the partition and the LVM" is that after rebooting I can go to one server after the other and load the key, and after that all VMs are up and running. Otherwise I would have to load the key for every VM at every restart/start of a VM. For some reasons an encryption of all VMs is necessary, there is a lot of confidential data. :(
 
The reason for applying the encryption "between the partition and the LVM" is that after rebooting I can go to one server after the other and load the key, and after that all VMs are up and running. Otherwise I would have to load the key for every VM at every restart/start of a VM. For some reasons an encryption of all VMs is necessary, there is a lot of confidential data. :(

I don't see how encrypting LVM helps here. As soon as you 'load the key' all data is available, so you do not gain security?
 
I don't see how encrypting LVM helps here. As soon as you 'load the key' all data is available, so you do not gain security?

Do you really not see it?
The point is that the "data at rest" must not be readable to anyone as soon as the server is powered off. (Some of the maintenance personnel do not have the same "security level" as the personnel who edit the data.)
 
Hi Otdll,

My guess is that Dietmar might have similar feelings as I do; that security holes in an active / up and running system (both in terms of actual open ports / insecure services / etc; as well as procedural / human security failings)- will far outweigh the risk of the server room being broken into; the server being physically stolen, taken offsite, and then data being compromised.... and that encryption is protecting you only against the 'physical theft' security risk scenario.

However, he may wish to clarify / comment otherwise :-)


Tim
 
Hi Tim,

I agree with you. But I cannot understand why one should not use encryption, surely there is a low risk of hardware theft (and similar scenarios) inside the data center, but that's no reason for not using encryption.
When building a firewall one also takes low risks into account, and one builds the firewall the way that it also covers those low risks.

A low risk is just no reason for _not_ protecting something from the danger.

That's my 2 cents.
 
Hi,

Good points. I guess it all comes down to weighing issues in a given situation,

- physical security of deployment site
- management of servers / issues around long term manageability
- performance impact, if any
- etc..

... and then deciding as is best for your site.

T
 
I have a client that refuses to use proxmox simply because it does not have FDE out of the box.

Imagine that.

I think it should be an option.
Especially if Proxmox is serious about having this product be placed into DC environments.

For many - they send their servers across the nation / heck across the world for goodness sake.

I can see where FDE would help.
 
For many - they send their servers across the nation / heck across the world for goodness sake.

Have seen this before, too.
Due to more and more restrictions by national law, they simply send their servers to countries that fit better.
 
Just a comment on this thread,

based on all the discussion, I started yesterday a manual install process / (documenting my work) on how to setup ProxVE on a bare debian, assuming

- software raid mirror
- LVM on top of the raid mirror, using same logical LVM layout as a stock ProxVE install
- encrypted swap, encrypted data partition (where VMs live)

the filesystem randomization / encryption was still grinding last night (is a slow process it seems) so I will see about finishing the testing today, and assuming things go fine I'll post the notes back to the forums shortly.

In all honesty, based on the test work so far, this wasn't terribly hard to do. (ie, easier than I had expected). The installer for Debian has very well integrated SW raid, LVM, and encryption features 'out of the box'. But of course I'm not finished yet so maybe I'm counting my un-hatched chickens a bit early.

Anyhow. If/When I get this finished, I'll post my notes to the forums.

Tim


Fortech I.T. Solutions
http://FortechITSolutions.ca
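
A check for the layouts discussed in this thread (a LUKS layer below or above LVM so that data at rest is unreadable once the server is powered off), as an added example that is not part of any post: it walks `lsblk -J` output and lists every leaf volume with no `crypt` layer beneath it. The sample device tree, the allow-list and the function name are constructed for illustration.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output (not from the thread).
# root and data sit on LVM inside a LUKS container; swap is an LV on a plain partition.
SAMPLE = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "sda2_crypt", "type": "crypt", "mountpoint": null, "children": [
        {"name": "pve-root", "type": "lvm", "mountpoint": "/"},
        {"name": "pve-data", "type": "lvm", "mountpoint": "/var/lib/vz"}]}]},
    {"name": "sda3", "type": "part", "mountpoint": null, "children": [
      {"name": "pve-swap", "type": "lvm", "mountpoint": "[SWAP]"}]}]}
]}
""")


def plaintext_volumes(tree, allowed_mounts=("/boot",)):
    """Return sorted names of leaf block devices with no 'crypt' ancestor.

    Leaves are where data actually lands (filesystems, swap, raw LVs handed
    to a VM), so an unmounted LV used as a VM disk is covered as well.
    /boot is allowed by default because the boot loader has to read it.
    """
    found = set()

    def walk(node, encrypted):
        encrypted = encrypted or node["type"] == "crypt"
        children = node.get("children") or []
        if not children:
            if not encrypted and node.get("mountpoint") not in allowed_mounts:
                found.add(node["name"])
            return
        for child in children:
            walk(child, encrypted)

    for device in tree["blockdevices"]:
        walk(device, False)
    return sorted(found)


if __name__ == "__main__":
    # With the sample above, only the swap LV is outside the LUKS container.
    for name in plaintext_volumes(SAMPLE):
        print("not encrypted at rest:", name)
```
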
 
I started yesterday a manual install process[...] on a bare debian

I did the same last weekend. I failed :(

The installer for Debian has very well integrated SW raid, LVM, and encryption features 'out of the box'.

It would perfectly fit into ProxmoxVE ;)


But of course I'm not finished yet so maybe I'm counting my un-hatched chickens a bit early.

I failed after building the new initramfs. It refused to unlock the encrypted partition on which the LVM was. Had no time to work it out in detail, so I just installed something else. But I am still not happy with it. The Proxmox web interface is nice, clean and has everything I need.


 
