Encrypting data at rest is essential for protecting data, and is required by most IT regulations and compliance laws.
In July 2018, Nutanix released an update to the Acropolis Operating System (AOS 5.8) that includes a built-in encryption key manager for data-at-rest encryption to prevent theft or data loss.
To simplify managing your environment, the Nutanix Local Key Management (LKM) can be used as an alternative to external Key Management Server (KMS) solutions for storing the keys for the native software-based encryption. This software-only solution can be used to meet FIPS-140-2 Level-1.
Depending on the hypervisor type and level of configuration, Nutanix provides data-at-rest encryption via three main options:
- Native software-based encryption (FIPS-140-2 Level-1), released in AOS 5.5
- Using self-encrypting drives (SED) (FIPS-140-2 Level-2)
- Software + hardware encryption
Nutanix Native Key Management Server for Data-at-Rest (DAR) Encryption within the Nutanix Acropolis Operating System (AOS) uses a built-in Cluster Native Key Management Server (KMS), which manages the encryption keys locally on the cluster without the need for an external Key Management System.
- Key management operations such as re-key, backup, and import are supported.
- In this release, the native KMS option is supported for AOS Software Encryption only (not for SED-based encryption).
- The native KMS requires a cluster of at least 3 nodes.
Whether you're a government agency, legal firm, financial institution, healthcare provider, or among the G2000, you are required to comply with more than one security requirement to avoid data breaches and federal penalties.
Data Encryption is now made simple so you don't have to worry about space efficiency, performance and compromises to securing your business operations.
Further Recommended Reading:
- See "Data-at-Rest Encryption" section in the Prism Web Console Guide for more information
- The following sections of the Nutanix Bible:
  - Data Encryption and Key Management
  - Key Management (KMS)
From the AOS 5.8 Release Notes in the support portal