KMS

Previously in a post I explained how to set up an encrypted volume using an encryption key manager (KMS) specifically from the company HyTrust . In this specific case each volume is encrypted individually using independent keys. A disadvantage of this method is that it affects the possibility of increasing the efficiency levels of data reduction such as compression, compaction and deduplication (cross-volume-dedupe). To eliminate this disadvantage the NetApp gurus came up with the idea of applying the encryption feature at the aggregate level by allowing volumes residing within the same aggregate to share the encryption key. This technology is known as NetApp Aggregate Encryption (NAE)`. This allows customers the option to take advantage of storage efficiency technologies in conjunction with the encryption process. ...

Using NetApp documentation as a reference: NetApp Volume Encryption (NVE) is a software-based technology for encrypting data at rest one volume at a time. An encryption key that can only be accessed by the storage system ensures that the data on the volume cannot be read if the underlying device is reused, returned, lost or stolen. NetApp Documentation In this tutorial I explain how easy it is to configure and manage this impressive security feature. ...

HyTrust KeyControl Enabled encryption users to easily manage their encryption keys at scale. HyTrust is the only KMS vendor that VMware invested in. It is available as an OVA, for fast installation and configuration in VMware vCenter. In this post I show you how to easily install and configure this KMS service in a vSphere environment. Step 1 – Deploying the OVA Package Browse to the location where the OVA file located. ...

This is one of my favorite feature in vSphere 7 Update 2. VMware now provides the capability to use a new native key provider for encryption. Allowing us to use vSAN encryption, VM encryption and vTPM natively without the requirement to deploy an external Key provider. In the past this capability can only be provided by using a 3rd party solution like Hytrust KeyControl. In this post I will explain how easy is to configure and deploy this awesome new feature. ...