Interested in volume encryption to secure your environment? Find out how to design and implement a volume encryption service based on the Barbican project. OnRamp built and deployed a volume encryption service for their Virtual Private Cloud, allowing users to encrypt their volumes. Each volume the VPC users provision is encrypted with a unique key, ensuring that their data is not readable by other tenants in the cloud.
Using lessons learned from OnRamp’s VPC, OpenStack Engineer Duncan Wannamaker will review the design journey from soup to nuts, including outlining requirements, choosing from the available open source platforms, developing the architecture, and implementing the volume encryption. Learn from the challenges OnRamp encountered with a multi-tenant deployment, and see a demo of how to create an encryption key, integrate Cinder with Barbican, and create and attach encrypted volumes.
What does Barbican offer for encryption management? What is it lacking?
What are the pros and cons of using Barbican versus other open source alternatives, like Vault?
What level of security does volume encryption provide? What are the limitations?
How OnRamp built and deployed an encryption key generation and management service for a multi-tenant environment.
How to integrate Barbican and Cinder.
Configuring encryption using Simple Crypto or a Hardware Security Module with Barbican.
How to mount a volume using a unique encryption key.
How a user can leverage Barbican to encrypt volumes.
OnRamp’s ideas for improving this service in the future.
