[ale] OT - SED drive compatibility

[Beddingfield, Allen]

My biggest issue with this approach is that each system requires manual intervention to come up.  We already have our Oracle drones insisting that they bring Oracle up manually....sigh.  
Luckily, our HIPAA compliant systems are all Windows-based, and a problem for another team :D 
We do have some PCI systems, and that is an unbelievable list of requirements, down to not locating PCI VMs on the same virtualization host as non-PCI VMs.
Allen B.
--
Allen Beddingfield
Systems Engineer
The University of Alabama

________________________________________
From: ale-bounces at ale.org [ale-bounces at ale.org] on behalf of Jim Kinney [jim.kinney at gmail.com]
Sent: Monday, September 08, 2014 12:12 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] OT - SED drive compatibility

Added layer of physical security for HIPAA compliance led to the wholesale
adoption. Yes, remote access and data theft would occur to a decrypted
filesystem once it's running. But much of my work often requires encrypted
data at rest for many system and the performance hit is essentially trivial
compared to the rest of the system, so it's easy to to keep that as a
default. The HPC systems have absolutely all security disabled and are
hidden behind firewalls on private LAN, etc.

It also indicates a level of unsure trust of the physical access to the
systems. Never had an issue but don't want to be on the wrong end if
something does happen.