Encryption is important, encryption within a VM even more important. But the question is how to do this securely without allowing the encryption keys to be seen by an administrator of the virtual environment and that supports vMotion or LiveMigration. The solution is per VM encrypted memory, but something that makes use of hardware, out of band key exchange, and supports vMotion or LiveMigration. This may be a tall order but I believe it is necessary to fully realize Secure Multi-Tenancy.
Secure Multi-Tenancy (SMT) is all about protecting the data from all who do not have access to manipulate or view such data. Current SMT thoughts are in the direction of Integrity and Confidentiality as Availability is well understood. To do this, I have suggested that we need to have better encryption or digital signatures available to the VM, and generally this implies hardware encryption via some device like TPM/TXT/HSM, etc. The reason for this is: Continue reading Safe way to Encrypt within a VM – Need for Technology