amuck-landowner

OpenVZ vps disk encryption

corpus

New Member
Hello,

i have a small OpenVZ vps and i want to use it as a personall mail server.

Is there a way to encrypt my disk so my mails will be encrypted? If not are there other options to use ?

Thanks
 

Damian

New Member
Verified Provider
I don't think you'll be able to effect disk encryption with OpenVZ, as OpenVZ doesn't really expose that layer of hardware to the VM container.

KVM would be a better fit for what you're trying to effect.

You might not be able to encrypt directories with the process mentioned above as you probably won't be able to re-mount anything. But it wouldn't hurt to try it.
 

KuJoe

Well-Known Member
Verified Provider
Last I read encryptfs depends on the kernel which is not supported in the OpenVZ kernels. Correct me if I'm wrong though because we've had some requests for this but have been unsuccessful so I might just be doing something wrong.
 

peterw

New Member
Disk encryption? No.

File encryption with mail server? No. Because the mail service needs the key for crypt and decrypt the mail folder. So there must be a file containing the key. It is like lock the door but keeping the key in the lock.
 

WebSearchingPro

VPS Peddler
Verified Provider
You can do encrypted files, but not an encrypted file system. That is just how OpenVZ works (by default). However, there has been a "OpenVZ Addon" if you will, that allows KVM like disk functionality with the CPU / Memory overhead of OpenVZ.

http://openvz.org/Ploop/Why

This *should* allow your customers to do full disk encryption. (Not end user software)
 

peterw

New Member
You can do encrypted files, but not an encrypted file system. That is just how OpenVZ works (by default). However, there has been a "OpenVZ Addon" if you will, that allows KVM like disk functionality with the CPU / Memory overhead of OpenVZ.

http://openvz.org/Ploop/Why

This *should* allow your customers to do full disk encryption. (Not end user software)
Thank you for introducing ploop.

Benefits
  • File system journal is not bottleneck anymore
  • Large-size image files I/O instead of lots of small-size files I/O on management operations
  • Disk space quota can be implemented based on virtual device sizes; no need for per-directory quotas
  • Number of inodes doesn't have to be limited because this is not a shared resource anymore (each CT has its own file system)
  • Live backup is easy and consistent
  • Live migration is reliable and efficient
  • Different containers may use file systems of different types and properties
Does any vps provider support Ploop yet?
 

kaniini

Beware the bunny-rabbit!
Verified Provider
Ploop removes the ability to overcommit disk.  Why would any OpenVZ provider want that? :p
 

Francisco

Company Lube
Verified Provider
Ploop removes the ability to overcommit disk.  Why would any OpenVZ provider want that? :p
Not really. It does on the fly growing but you take a performance hit while it grows.

I wanted to use ploop for its snapshot support but it's ehhhh...

Is there no encryption via FUSE you can do? Or is there tons of overhead?

Francisco
 

BuyCPanel-Kevin

New Member
Verified Provider
You can't really encrypt your mail on the drive, you can install ssl to have your sent mail encrypted though. You can try trucrypt so if someone physically try's to take the data they won't be able to. 
 
Top
amuck-landowner