[ale] OT - SED drive compatibility

Beddingfield, Allen allen at ua.edu
Mon Sep 8 14:49:31 EDT 2014


Oh, there is a theoretical possibility that a non-PCI VM could be compromised and used to read something from the CPU cache.  VMware confirms that this is possible (saw a nice little demo on it), but that the chances of actually getting enough data from one VM on the host are almost non-existent.
Allen B.
--
Allen Beddingfield
Systems Engineer
The University of Alabama

________________________________________
From: ale-bounces at ale.org [ale-bounces at ale.org] on behalf of Jim Kinney [jim.kinney at gmail.com]
Sent: Monday, September 08, 2014 1:44 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] OT - SED drive compatibility

I know about Oracle zealots, er, priests, um, drones. Oracle wants to run
the entire box and the priests are gathering the faithful to ward off the
unwashed masses with a burning at the stake.

The division of virtualization hosts is new to me.

On Mon, Sep 8, 2014 at 2:33 PM, Beddingfield, Allen <allen at ua.edu> wrote:

> The logic behind not locating them on the same virtualization host, or
> about our Oracle drones not wanting Oracle to start automatically?
> --
> Allen Beddingfield
> Systems Engineer
> The University of Alabama
>
> ________________________________________
> From: ale-bounces at ale.org [ale-bounces at ale.org] on behalf of Jim Kinney [jim.kinney at gmail.com]
> Sent: Monday, September 08, 2014 1:23 PM
> To: Atlanta Linux Enthusiasts
> Subject: Re: [ale] OT - SED drive compatibility
>
> On Mon, Sep 8, 2014 at 2:05 PM, Beddingfield, Allen <allen at ua.edu> wrote:
>
> > My biggest issue with this approach is that each system requires manual
> > intervention to come up.  We already have our Oracle drones insisting that
> > they bring Oracle up manually....sigh.
> > Luckily, our HIPAA compliant systems are all Windows-based, and a problem
> > for another team :D
> > We do have some PCI systems, and that is an unbelievable list of
> > requirements, down to not locating PCI VMs on the same virtualization host
> > as non-PCI VMs.
> >
>
> I would like to see the logic behind that last one!
>
>
> > Allen B.
> > --
> > Allen Beddingfield
> > Systems Engineer
> > The University of Alabama
> >
> > ________________________________________
> > From: ale-bounces at ale.org [ale-bounces at ale.org] on behalf of Jim Kinney [jim.kinney at gmail.com]
> > Sent: Monday, September 08, 2014 12:12 PM
> > To: Atlanta Linux Enthusiasts
> > Subject: Re: [ale] OT - SED drive compatibility
> >
> > Added layer of physical security for HIPAA compliance led to the wholesale
> > adoption. Yes, remote access and data theft would occur to a decrypted
> > filesystem once it's running. But much of my work often requires encrypted
> > data at rest for many systems and the performance hit is essentially trivial
> > compared to the rest of the system, so it's easy to keep that as a
> > default. The HPC systems have absolutely all security disabled and are
> > hidden behind firewalls on private LAN, etc.
> >
> > It also indicates a level of unsure trust of the physical access to the
> > systems. Never had an issue but don't want to be on the wrong end if
> > something does happen.
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
>
>
>
> --
> --
> James P. Kinney III
>
> Every time you stop a school, you will have to build a jail. What you gain
> at one end you lose at the other. It's like feeding a dog on his own tail.
> It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
>
>
> *http://heretothereideas.blogspot.com/
> <http://heretothereideas.blogspot.com/>*



--
--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain


*http://heretothereideas.blogspot.com/
<http://heretothereideas.blogspot.com/>*