On Tue, Nov 10, 2015 at 12:40:19AM +0000, Tim Sammut wrote:
I meant is it possible for a relay operator to detect if a snapshot of a running VM or VPS has been taken? Asked slightly differently, if I have a relay running as a VPS or VM, can I somehow detect if my provider took a snapshot of the relay without informing me?
Probably not. With most VM solutions, storage is pretty well abstracted from the virtual guests. I know that with Xen and OpenVZ, the typical way storage is provided (loopbacks) gives no way for the guest to see what the hypervisor is doing to the data. Furthermore, if the data is on a SAN, there's even more ways that the data can be snooped at without informing the guest of such activities.
Following from that, are uninterrupted snapshots of running VMs possible in all hypervisors or should we be using the provider's hypervisor technology choice to inform how we decide which providers to use?
Storage tech is mostly independent of virtualization tech. I don't think it really matters what hypervisor is used. Ultimately, the hypervisor must be trusted regardless of what storage is in use, so I don't think it really matters, either. If you're really worried about security, run your Tor node on hardware you control.
--Sean