This video talks about Data at Rest Encryption (D@RE) overview, benefits, operations, settings, and a demo on a Unity system.
Hello and welcome to this EMC A T video.
In this video, we will talk about the Data at Rest Encryption feature in Unity. Here is the agenda for this video. We will start first with an overview, then we will talk about the benefits of Data at Rest Encryption. Afterward, we will discuss how encryption works and how you can enable encryption. Lastly, we will show a demo and we'll point out where to find additional resources. Overview. Data at Rest Encryption is a feature in Unity systems. This feature is controller based. This means all the user data written to the array from hosts or clients will be encrypted at the SAS controller level. This protects against unauthorized access to lost, stolen, or failed drives. Data in flight, or in the process of moving through the software stack, would not be encrypted.
Data at Rest Encryption applies to embedded SAS ports as well as any additional SAS modules. Also, this feature will be enabled by default when first licensing the system and is included in the base software package. By default, the solution will be FIPS 140-2 Level 1 compliant using Advanced Encryption Standard algorithms. Another thing to note: this feature uses an internal key manager, and there is currently no option to use an external key manager. Benefits of Data at Rest Encryption. Using Data at Rest Encryption eliminates the need for self-encrypting drives, where each individual drive handles the encryption. Because not all drive types and capacities include self-encrypting variants, having an embedded solution is a simpler and lower-cost approach to encrypt the entire system.
It also allows you to use any type of drive and not run the risk of not finding a specific drive type that does not support encryption. Because this is at the controller level, it is not going to have an impact on the data services, which are applied higher in the software stack. For example, snapshots, replication, and FAST VP. All other data services are fully supported with encryption as well. Also, Data at Rest Encryption will have very little to no impact on the overall performance of the system. In this example, we have two different blocks, and each of these blocks is simply a string of zeros. We want to write these blocks of data to two different drives. In this example, it's drive five and drive six.
The first thing we see when we write this data is that it becomes encrypted when passing the SAS controller level. Each drive has its own encryption key, so our two blocks of data will be encrypted and stored differently for each drive, although it is the same string of zeros. All the drive keys are stored in an encrypted keystore kept in the Unity system. For Unity systems, Data at Rest Encryption will be a licensed option that is enabled by default. When applying the license file, Data at Rest Encryption will be permanently enabled if the license file includes encryption, and permanently disabled if the license file does not include an encryption license. The encryption state cannot be changed afterward, once the initial install has been completed. Let's now walk through a demo in Unisphere.
After you log in to Unisphere, click the gear icon to go to the settings page. To make sure that you have Data at Rest Encryption enabled in your system, you can check from the license list. We can see here it has been enabled. To check the status of encryption, go to Management and click Encryption. Here you can check the status of the encryption. Over here, it says encrypted. Also, from here you can download the keystore file to back up the keystore to an external. This can be used to restart the system in the unlikely case that the internal copies of the keystore become corrupted.
In addition, you can download the audit log and checksum to check the logs of Data at Rest Encryption. For extra help about the status of encryption, click the help button for more information. Thank you for watching this Unity video. For additional resources, please check the EMC Unity Data at Rest Encryption white paper, which can be found at EMC Online Support.