Running a single appVM off another volume
16 views
Skip to first unread message
Achim Patzner
Nov 2, 2018, 7:43:00 AM11/2/18
to qubes-users
Hi!
Is there an easier way of storing a single VM on an external device
(assume it to be an USB conneted medium) without doing elaborate dances
around it or having to backup and restore? One of our customers got the
bright idea to store a VM containing their CA on an USB flash and
connecting it to "an appropriate machine" (Yes! "Appropriate! Imagine
the fun I'm having *now*) for key signing ("Guys, have you ever heard
of a device called HSM?" "No, and please don't tell us.").
$appropriate was considered to be VMware without a virtual network
interface, running the machine off a USB flash. Securely stored on a
hook besides the door, "because if it is physically disconected it is
safe".
Ok, may not be TAILS (because that's used by criminals) but using Qubes
is an option. Getting off the VM-on-external-media-only trip not. Is it
possible to get these guys on Qubes without "changing the documented
process"?
Achim
Is there an easier way of storing a single VM on an external device
(assume it to be an USB conneted medium) without doing elaborate dances
around it or having to backup and restore? One of our customers got the
bright idea to store a VM containing their CA on an USB flash and
connecting it to "an appropriate machine" (Yes! "Appropriate! Imagine
the fun I'm having *now*) for key signing ("Guys, have you ever heard
of a device called HSM?" "No, and please don't tell us.").
$appropriate was considered to be VMware without a virtual network
interface, running the machine off a USB flash. Securely stored on a
hook besides the door, "because if it is physically disconected it is
safe".
Ok, may not be TAILS (because that's used by criminals) but using Qubes
is an option. Getting off the VM-on-external-media-only trip not. Is it
possible to get these guys on Qubes without "changing the documented
process"?
Achim
awokd
Nov 3, 2018, 11:43:58 AM11/3/18
to qubes...@googlegroups.com
Achim Patzner:
There's https://www.qubes-os.org/doc/secondary-storage/ but not sure how
well either approach works with drives appearing and disappearing. Think
there's been some earlier discussion in this mailing list too.
well either approach works with drives appearing and disappearing. Think
there's been some earlier discussion in this mailing list too.
Reply all
Reply to author
Forward
0 new messages