Method used to implement VM encryption (including data disk encryption)

To implement VM disk encryption, deploy encryption and decryption agents on a user VM and use the Intel CPU's AES-IN encryption instructions for hardware acceleration. All user and application data is dynamically encrypted when it is written to the virtual disk (volume) and decrypted when it is read from the virtual disk (volume). The data stored in virtual disk files is in ciphertext, and will not be disclosed even if the physical disk or volume and snapshot files are stolen.
Prototype test: About 10% performance compromises.

Scroll to top