Changes between Version 1 and Version 2 of PublicProcedures


Timestamp: 11/14/13 12:26:44 (10 years ago)
Author: garcon du monde
Comment: created intro; updated VM section; added contents listing

  • PublicProcedures

    v1 v2  
     1[[PageOutline]]
     2
    13== Standard Operating Procedures ==
    24
    3 === Providing Virtual Machines ===
     5This page describes baseline policies that we use in our routine provision of services. Where possible, we try to comply with the [https://policy.sarava.org/policy/  Providers' Commitment for Privacy (PCP)]. Information is current as per the last edit  in the [wiki:PublicProcedures?action=history history].
    46
    5 This section describes our current best practices for setting up virtual machines as of 2013.  We do have legacy systems or special cases in which the setup does not conform to this policy.  We do our best to inform our users about the technical setup of their working environment, and provide support if necessary.
     7=== Provision of virtual machines (VMs) ===
    68
    7 We set up our infrastructure in a way that administrators of the Tachanka! collective have no access to the crytographic keys of the virtual machines.  Therefore we actually have very limited knowledge about the data and the activities of our users.  This applies to backups as well, in cases where we are making backups.
     9Wherever possible, we set up our infrastructure in a way that administrators of the Tachanka! collective have no access to the cryptographic keys of hosted virtual machines.  Therefore, we have extremely limited knowledge about the data and the activities of our users. In cases where we are making backups, this applies to them as well.
    810
    9  * We use one layer of encryption on the host machine.
    10  * Virtual machines have their own block devices with a second layer of encryption and hence a different key.
    11  * In this way, users of virtual machines can manage their own LUKS passphrases independently of the Tachanka! collective.
     11 * We use a base layer of encryption on host servers.
     12 * Virtual machines have individualised block devices that employ a second layer of encryption. Consequently, these each require a separate, individual key.
     13 * We strongly encourage users of virtual machines to manage their own LUKS passphrases independently of the Tachanka! collective.
     14 * Users are informed about the technical setup of their working environments and, if required, supported in setting up appropriate encryption.
    1215
    13 Please take note of this when you request services, support or data from us.
     16Please note, there are some legacy systems or special cases in which the setup does not conform to this policy. 
    1417
    15
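
Review bot: The v2 wording at lines 9 and 13 qualifies v1's statement that administrators have no access to VM keys with "Wherever possible" and "We strongly encourage users of virtual machines to manage their own LUKS passphrases", but nothing in the new text says who holds the passphrase when a user does not manage it. Suggest adding a sentence that names the cases in which collective administrators hold or can access a VM's key, so a reader can tell whether the "extremely limited knowledge" claim applies to their machine. The removed v1 line 13 ("Please take note of this when you request services, support or data from us.") was the only place that pointed users to the practical consequence for support and data requests; consider keeping an equivalent after the bullet list. The legacy-systems caveat now sits at v2 line 16, after the bullets, and the "as of 2013" date is replaced by the link to the page history in the intro, so the policy's currency depends on that link staying in place.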