Migration of full-disk encrypted virtualized storage between blade servers
Abstract
A method, system and computer-readable storage medium with instructions to migrate full-disk encrypted virtual storage between blade servers. A key is obtained to perform an operation on a first blade server. The key is obtained from a virtual security hardware instance and provided to the first blade server via a secure out-of-band communication channel. The key is migrated from the first blade server to a second blade server. The key is used to perform hardware encryption of data stored on the first blade server. The data are migrated to the second blade server without decrypting the data at the first blade server, and the second blade server uses the key to access the data. Other embodiments are described and claimed.
19 Claims
1. A method comprising:
- obtaining a key to perform an operation on a first blade server of a plurality of blade servers from a virtual security hardware instance associated with the first blade server;
- providing the key via the secure out-of-band communication channel to the first blade server; and
- migrating the key from the first blade server to a second blade server of the plurality of blade servers.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A system comprising:
- a plurality of blade servers, wherein a first blade server of the plurality of blade servers further comprises an interface configured to obtain a key to perform an operation on the first blade server from a first virtual security hardware instance of a plurality of virtual security hardware instances;
- a chassis management module configured to provide the plurality of virtual security hardware instances, each of the virtual security hardware instances corresponding to a respective blade server of the plurality of blade servers; and
- a secure out-of-band communication channel between the chassis management module and the plurality of blade servers;
- wherein the chassis management module is further configured to:
  - provide the key via the secure out-of-band communication channel to the first blade server; and
  - migrate the key from the first blade server to a second blade server of the plurality of blade servers.

Dependent claims: 9, 10, 11, 12, 13

14. A computer-readable storage medium comprising:
- instructions to obtain a key to perform an operation on a first blade server of a plurality of blade servers from a virtual security hardware instance associated with the first blade server;
- instructions to provide the key via the secure out-of-band communication channel to the first blade server; and
- instructions to migrate the key from the first blade server to a second blade server of the plurality of blade servers.

Dependent claims: 15, 16, 17, 18, 19

Specification