Commit 7d8efa7

committed
concept
1 parent 1ed7836 commit 7d8efa7

1 file changed

+25
-0
lines changed
@@ -0,0 +1,25 @@
1+
// Module included in the following assemblies:
2+
//
3+
// assembly_planning-migration-vmware.adoc
4+
5+
:_mod-docs-content-type: CONCEPT
6+
[id="con_migration-of-luks-encrypted-disks_{context}"]
7+
8+
= Migration of LUKS-encrypted disks
9+
10+
[role="_abstract"]
11+
You can migrate virtual machines (VMs) with Linux Unified Key Setup (LUKS)-encrypted disks from VMware vSphere to Red Hat OpenShift Virtualization by enabling Network-Bound Disk Encryption (NBDE) with Clevis. Alternatively, you can manually add passphrases for LUKS-encrypted devices in your migration plan.
12+
13+
Components of NBDE::
14+
15+
* *Migration Toolkit for Virtualization (MTV):* Transfers the data of VMs with LUKS-encrypted disks from the source environment to the target OpenShift Virtualization cluster. The data transfer is based on MTV's raw copy mode, which copies the encrypted data bit-for-bit, without modifying the underlying encryption.
16+
* *LUKS:* The standard disk encryption specification used on the source VM. The encrypted partitions remain in their original state during the migration process, ensuring data security and integrity.
17+
* *Clevis:* Client-side framework that automates the decryption of LUKS volumes by binding a LUKS key slot to a policy. To migrate VMs with LUKS-encrypted disks, the Clevis configuration is transferred to or re-established in the destination environment. After migration, the Clevis configuration on the destination OpenShift Virtualization host automatically authenticates with the configured network service to retrieve the key to unlock the LUKS-encrypted disk. The automatic retrieval of the key allows the VM to boot without a manual passphrase entry from an administrator.
18+
19+
Benefits of NBDE::
20+
21+
* *Automation:* Eliminates the need for manual steps to decrypt volumes post-migration, reducing the risk of human error and accelerating the overall process.
22+
* *Enhanced security:* Maintains the security of VMs throughout their migration lifecycle by preserving LUKS encryption from the source to the destination.
23+
* *Seamless operation:* Ensures that VMs with encrypted disks can be brought online in the new OpenShift Virtualization environment with minimal interruption.
24+
25+
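Review bot: The *Clevis* bullet on line 17 does not say which system performs the unlock or what it depends on. "the Clevis configuration on the destination OpenShift Virtualization host automatically authenticates with the configured network service" reads as if the cluster host holds the binding, while the same bullet describes Clevis as binding a LUKS key slot on the volume and the MTV bullet says the encrypted data is copied unmodified. Please state whether the migrated guest or the host contacts the key service, name that service, and add as a prerequisite that it must be reachable from the network the VM is mapped to on the destination, with the manual passphrase option from the abstract as the fallback when it is not. "transferred to or re-established" also leaves open when re-establishing is required and who does it. Separately, the "Components of NBDE::" term on line 13 lists MTV and LUKS, which the bullets themselves describe as the migration tool and the disk encryption specification rather than parts of NBDE; a term such as "Components involved in the migration" would match the list. In the *LUKS* bullet on line 16, "ensuring data security and integrity" claims more than the text supports: leaving the partitions encrypted keeps the data confidential, but nothing here describes an integrity check on the copy.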
