Moving Disks Between VMs

HyTrust supports the migration of disks between Linux VMs or between Windows VMs as long as:

  • The original VM and the target VM are members of the same Cloud VM Set.
  • The disk contains a GUID (Globally Unique Identifier) assigned by KeyControl. The GUID is stored in a private area that is created when the disk is encrypted, added, or imported, provided there is enough space to do so.
  • The disk is partitioned in such a way that KeyControl can add a private area for the GUID. For example, you cannot move a non-partitioned disk, a GPT partition, or an LVM (Logical Volume Manager) volume to another VM because KeyControl cannot add the private area to those entities. You can, however, move an MBR partition because KeyControl can add the private area to that type of partition.
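
The layout requirement in the last item can be checked on a Linux VM before a move. The script below is an added example, not HyTrust code: it applies that rule to `lsblk -P -o NAME,TYPE,PTTYPE` output and does not replace the GUID check in the procedure. It assumes lsblk reports the parent disk's table type in PTTYPE for each partition; the function names, device names and sample lines are constructed.

```shell
#!/bin/sh
# Added example, not HyTrust code. Applies the layout rule from this page:
# an MBR partition can be moved; a non-partitioned disk, a GPT partition
# and an LVM volume cannot. "dos" is lsblk's name for an MBR table.

# classify_layout TYPE PTTYPE: print a verdict; return 0 if the layout is
# acceptable, 1 if it blocks a move, 2 if it cannot be decided.
classify_layout() {
    case "$1:$2" in
        part:dos) echo "ok: MBR partition"; return 0 ;;
        part:gpt) echo "blocked: GPT partition"; return 1 ;;
        lvm:*)    echo "blocked: LVM volume"; return 1 ;;
        disk:)    echo "blocked: non-partitioned disk"; return 1 ;;
        disk:*)   echo "unknown: disk has a $2 table, check its partitions"; return 2 ;;
        *)        echo "unknown: type '$1', table '$2'"; return 2 ;;
    esac
}

# check_device NAME [PAIRS]: classify NAME from `lsblk -P` key="value" lines.
# PAIRS defaults to the live system; pass saved text to check offline.
check_device() {
    cd_pairs=${2-$(lsblk -P -n -o NAME,TYPE,PTTYPE)}
    cd_line=$(printf '%s\n' "$cd_pairs" | grep -F "NAME=\"$1\" " | head -n 1)
    if [ -z "$cd_line" ]; then
        echo "unknown: $1 not listed by lsblk"; return 2
    fi
    # Extract the values with sed rather than eval-ing lsblk output.
    cd_type=$(printf '%s\n' "$cd_line" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
    cd_pt=$(printf '%s\n' "$cd_line" | sed -n 's/.* PTTYPE="\([^"]*\)".*/\1/p')
    classify_layout "$cd_type" "$cd_pt"
}

# Constructed sample input (not captured from a real system).
SAMPLE_LSBLK='NAME="sda" TYPE="disk" PTTYPE="gpt"
NAME="sda1" TYPE="part" PTTYPE="gpt"
NAME="sdb" TYPE="disk" PTTYPE="dos"
NAME="sdb1" TYPE="part" PTTYPE="dos"
NAME="sdc" TYPE="disk" PTTYPE=""
NAME="vg0-data" TYPE="lvm" PTTYPE=""'

for dev in sda1 sdb sdb1 sdc vg0-data; do
    printf '%s: ' "$dev"
    check_device "$dev" "$SAMPLE_LSBLK" || true
done
```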

Before You Begin 

If you want to move a Linux disk that is protected by an Access Control Policy, you need to remove the policy from the disk before you can move the disk. For more information, see Access Control Policies.

If you want to move a Windows disk that is protected by an Access Control Policy, make sure that the policy's permissions list will be valid on the VM to which you want to move the disk. If any user currently in the permissions list does not exist on the new VM, the policy association will fail when the disk is rebooted.

Procedure 

  1. To verify that the disk you want to move has a GUID:

    1. Log in to the original VM as root.
    2. Enter the command hcl status -g on Linux or hcl status on Windows.

    3. If the disk you want to move has a GUID, you can continue with this procedure. If it does not, then you cannot migrate the disk.

  2. Move the disk to a target VM that is a member of the same Cloud VM Set as the original VM.
  3. Log in to the target VM as root.
  4. Enter the command hcl import [-y] diskname, where:

    • -y specifies that the command should run without prompts.
    • diskname is the name of the disk that you just moved.

    KeyControl recognizes the disk by the GUID and adds it back to the system in its new location. Because the disk was previously registered, KeyControl does not need to re-encrypt the data or change the disk in any way. Therefore, the data on the disk is immediately available to authorized clients.