For block there is no native encryption so this must be referring to file. A while back there was an option to purchase celerra with brocade switches that would encrypt data between datamovers and backend storage ..not sure if this option is available for VNX.
What is meant by "Data is encrypted where created"? I found this in the Security and Compliance Suite for VNX.
Security and Compliance Protects data from unwanted changes and other actions. Data is encrypted where created and protected anywhere outside the server. File-level retention supports compliance
The Security and Encryption Suite for VNX includes licenses for a few Block and File features. Specifically for encryption, the suite includes the right to use PowerPath Encryption for any hosts attached to that VNX. The RSA key manager is still required to manage the keys, but the suite provides the powerpath portion of the licenses.
For VNX and Clariion, as others have mentioned, use PowerPath Encryption Enabler with RSA. This provides encryption from the host all the way to the storage and prevents other hosts from mounting the volume.
For VMAX, you can use PowerPath Encryption Enabler as well, or if you are just concerned with protecting the data when drives fail, or the array hardware is decommissioned/sold, you can order VMAX with built-in data-at-rest-encryption which encrypts every disk with it's own key. If any disk is removed from the array, the data on that disk is unreadable. This *helps* companies comply with some of the PCI, HIPPA, and SOX rules.
For NAS Data, also mentioned is that you can insert the Brocade encryption appliance between the NAS gateway and the backend block storage. This is similar to the data-at-rest-encryption available with VMAX, but does not provide end-to-end encryption of the data, ie: from client to NAS.
dynamox
9 Legend
•
20.4K Posts
0
October 15th, 2012 06:00
For block there is no native encryption so this must be referring to file. A while back there was an option to purchase celerra with brocade switches that would encrypt data between datamovers and backend storage ..not sure if this option is available for VNX.
dynamox
9 Legend
•
20.4K Posts
0
October 12th, 2012 10:00
VMAX on the other hand can do it the engine so there is no need for any host software.
dynamox
9 Legend
•
20.4K Posts
0
October 12th, 2012 10:00
for block storage ? not natively, you can use PowerPath encryption enabler with RSA
jvega1
25 Posts
0
October 15th, 2012 05:00
Dynamox,
What is meant by "Data is encrypted where created"? I found this in the Security and Compliance Suite for VNX.
Security and Compliance
Protects data from unwanted changes and other actions. Data is encrypted where created and protected anywhere outside the server. File-level retention supports compliance
jvega1
25 Posts
0
October 15th, 2012 06:00
Thanks again.
Storagesavvy
474 Posts
1
October 15th, 2012 15:00
The Security and Encryption Suite for VNX includes licenses for a few Block and File features. Specifically for encryption, the suite includes the right to use PowerPath Encryption for any hosts attached to that VNX. The RSA key manager is still required to manage the keys, but the suite provides the powerpath portion of the licenses.
For VNX and Clariion, as others have mentioned, use PowerPath Encryption Enabler with RSA. This provides encryption from the host all the way to the storage and prevents other hosts from mounting the volume.
For VMAX, you can use PowerPath Encryption Enabler as well, or if you are just concerned with protecting the data when drives fail, or the array hardware is decommissioned/sold, you can order VMAX with built-in data-at-rest-encryption which encrypts every disk with it's own key. If any disk is removed from the array, the data on that disk is unreadable. This *helps* companies comply with some of the PCI, HIPPA, and SOX rules.
For NAS Data, also mentioned is that you can insert the Brocade encryption appliance between the NAS gateway and the backend block storage. This is similar to the data-at-rest-encryption available with VMAX, but does not provide end-to-end encryption of the data, ie: from client to NAS.