Encrypting a Swap Partition

The swap partition is an independent section of the hard disk used solely for swapping; no other files can reside there.
Note
SecureCloud can only encrypt swap partitions that are already mounted on the host before starting the agent service.
Swap partitions that are manually mounted after the agent service has started will not be encrypted. To encrypt them, stop and then restart the agent, and then provision the device again.
Tip
To see what swap space you have, use the command swapon -s. The output will look something like this:
Filename  Type       Size Used Priority
/dev/sda5 partition  859436  0       -1
The Type field indicates that this swap space is a partition rather than a file, and the Filename field shows that it is on the device /dev/sda5. The Size is listed in KB.
The Priority field indicates the order in which swap devices are used; the device with the highest priority value is used first. There are two types of Priority values:
  • A negative Priority value is the default value assigned by the system (for example, -1).
  • A positive Priority value has been manually assigned by an administrator.
The SecureCloud agent preserves and follows the priority value.
In this release, SecureCloud can encrypt the swap partition of agents running on Amazon EC2 Linux-based instances. After installing the agent, you can toggle the Encrypt swap partition checkbox on the Inventory > Images page.
Note
By default, this option is unselected.
If a swap partition is successfully encrypted, the command swapon -s displays the following:
/dev/edX
X depends on how many swap devices you have.
Any of the following events stops the encryption of a swap partition:
  • Agent service is stopped
  • Encrypt swap partition is not selected
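One way to check from the shell whether every active swap partition is presented as /dev/edX, and to re-check after either of the events above. This is an added example, not part of the SecureCloud documentation; the function name, status labels and sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `swapon -s` output for swap partitions that are
# not presented through a /dev/edX device (the name the page says an
# encrypted swap partition shows up under).

# Constructed sample in `swapon -s` format (not captured from a real host).
SAMPLE_SWAPS='Filename  Type       Size Used Priority
/dev/ed0 partition  859436  0       -1
/dev/sdb2 partition  1048572  128       5
/swapfile file  524288  0       -2'

# audit_swap (hypothetical helper): reads `swapon -s` text on stdin and
# prints one line per swap area:
#   <status> <device> <type> <size_kb> <priority>
# Exit status: 0 = every swap partition is encrypted,
#              1 = at least one swap partition is not,
#              2 = no active swap area was listed.
audit_swap() {
    awk '
        NR == 1 && $1 == "Filename" { next }   # skip the header row
        NF < 5 { next }                        # ignore malformed lines
        {
            seen++
            if ($1 ~ /^\/dev\/ed/) {
                status = "ENCRYPTED"
            } else if ($2 == "partition") {
                status = "UNENCRYPTED"
                bad++
            } else {
                # The page only covers swap partitions, so swap files
                # are reported separately and do not affect the result.
                status = "NOT-PARTITION"
            }
            printf "%s %s %s %s %s\n", status, $1, $2, $3, $5
        }
        END {
            if (!seen) exit 2
            exit (bad > 0 ? 1 : 0)
        }
    '
}

# Live use on a host:   swapon -s | audit_swap
# With the sample data: printf '%s\n' "$SAMPLE_SWAPS" | audit_swap
```

A non-zero exit status makes the function usable in a monitoring job, since a stopped agent service or a cleared Encrypt swap partition option would otherwise go unnoticed.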