Persistent volume storage ("volumes") is Nectar's way of providing you with disk space. Volumes are virtual devices; they can live alongside your virtual machine. A volume's life cycle is independent of a virtual machine, but manipulating data on a volume typically requires that it is attached to a virtual machine. Volumes appear as block storage devices and are typically used to hold a file system, mounted into your operating system, making the storage available to your applications. Volumes can be unmounted and detached from a VM and attached to and mounted on another. Data on a volume persists even when you terminate your virtual machine. You can make bootable volumes, you can use volume snapshots and a volume can be transferred to another project.
When applying for Volume storage through the allocation request form on the Nectar Research Cloud dashboard you have the option of choosing either a standard volume or an encrypted volume or a mixture of both in the availability zone you choose to request the volume at.
Encrypted Volume Storage
For an encrypted volume, data is encrypted at rest using the Advanced Encryption Standard (AES) algorithm. All data at the storage level is encrypted with AES256. AES256 is recommended by the National Institute of Standards and Technology (NIST) for long-term storage use.
For each volume created an encryption key is created on your behalf and stored in the Nectar Key Management Service.
Encrypted Volume Storage Warnings
Performance of encrypted volumes is reduced with read and writes to the encrypted volume (3-4x performance reduction).
If you lose your user-managed key you will lose access to your volume and the data will be irretrievable.
Data on attached volumes is only as secure as the user's virtual machine. If people gain access to your virtual machine they will also be able to access your encrypted volume.
Having encrypted volumes will improve the security of handling sensitive data but it is not a complete security solution e.g. Nectar Research Cloud is not ISO27001 certified.
Allocation for Persistent Volume Storage
A volume storage allocation can be requested using the Allocation Request form, under Allocations on your dashboard, either as part of a New Request (resulting in a new project) or as an amendment to an existing project under My Requests.
Like instances, volumes are hosted in an availability zone and importantly volumes can only be attached to instances running in the same availability zone. When requesting a volume storage allocation, you will need to consider where your solution will be hosted.
Volume Service. The section of the Allocation Request form where you can request Volume Storage allocation/s
Please visit the Nectar Tutorial Website for a step by step tutorial for how to create and use volume using the Nectar Research Cloud Dashboard.