Veritas InfoScale Enterprise 7.1: Block-level encryption of VxVM data volumes
VxVM provides advanced security for data at rest through encryption of VxVM data volumes. Encryption is a technology that converts data or information into code that can be decrypted only by authorized users.
You can encrypt VxVM data volumes to:
• Protect sensitive data from unauthorized access
• Retire disks from use or ship them for replacement without the overhead of secure wiping of content
The implementation uses the Advanced Encryption Standard (AES) cryptographic algorithm with a 256-bit key size, validated by the Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2) security standard. You can encrypt volumes or disk groups in your storage environment. VxVM generates a volume encryption key at the time of volume creation. The volume encryption key is secured (wrapped) using a key wrap. Only the wrapped key is stored with the volume record; the volume encryption key itself is not stored on disk.
You can secure the volume encryption key using one of the following methods:
If you encrypt a disk group, all volumes in the disk group are encrypted. Any volume created later on the disk group will also be encrypted by default. Only new volumes that are created using disk group version 220 or later can be encrypted by VxVM.
When you start an encrypted volume, VxVM uses the key wrap to retrieve the volume encryption key and enable access to the volume.
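The key lifecycle described above (generate at creation, store only the wrapped key, unwrap at start), as an added example that is not Veritas code. It uses Node.js's built-in AES-256 key wrap (RFC 3394) as a stand-in, because the page does not say which wrapping algorithm or record layout VxVM uses; `createVolume`, `startVolume`, the record fields and the volume name are hypothetical.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('crypto');

// Default initial value from RFC 3394; unwrap uses it as the integrity check.
const ICV = Buffer.alloc(8, 0xa6);

// Volume creation (hypothetical helper): generate a 256-bit volume encryption
// key and place only its wrapped form in the volume record.
function createVolume(name, wrappingKey) {
  const volumeKey = randomBytes(32);
  const cipher = createCipheriv('aes256-wrap', wrappingKey, ICV);
  const wrapped = Buffer.concat([cipher.update(volumeKey), cipher.final()]);
  // volumeKey is returned only so the demo can compare it after unwrapping.
  return { record: { name, wrappedKey: wrapped.toString('hex') }, volumeKey };
}

// Volume start (hypothetical helper): unwrap the key held in the record.
// Returns null when the wrapping key is wrong or the wrapped key was altered.
function startVolume(record, wrappingKey) {
  try {
    const decipher = createDecipheriv('aes256-wrap', wrappingKey, ICV);
    const wrapped = Buffer.from(record.wrappedKey, 'hex');
    return Buffer.concat([decipher.update(wrapped), decipher.final()]);
  } catch (err) {
    return null; // unwrap failed: no key, so no access to the volume
  }
}

// Constructed sample run with random keys and a made-up volume name.
function demo() {
  const wrappingKey = randomBytes(32);
  const { record, volumeKey } = createVolume('vol01', wrappingKey);
  const started = startVolume(record, wrappingKey);
  return {
    wrappedBytes: record.wrappedKey.length / 2,
    rightKeyRecovers: started !== null && started.equals(volumeKey),
    wrongKeyResult: startVolume(record, randomBytes(32)),
  };
}

console.log(demo());
```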
Some of the administrative tasks you can perform are as follows:
- Creating encrypted volumes
- Viewing encrypted volumes
- Automating startup for encrypted volumes
- Configuring a Key Management Server