Chapter 13. Encryption 747
Figure 13-4 Encryption placement in the SAN Volume Controller software stack
Each volume copy can use different encryption methods (hardware, software). It is also
allowed to have volume copies with different encryption status (encrypted versus
unencrypted). The encryption method depends only on the pool that is used for the specific
copy. You can migrate data between different encryption methods by using volume migration
or volume mirroring.
13.2.1 Encryption methods
There are two ways to perform encryption on devices running IBM Spectrum Virtualize:
hardware encryption and software encryption. Both methods of encryption protect against the
potential exposure of sensitive user data that are stored on discarded, lost, or stolen media.
Both can also facilitate the warranty return or disposal of hardware. Which method is used for
encryption is chosen automatically by the system based on the placement of the data:
Hardware encryption: Data is encrypted by using Serial Attached SCSI (SAS) hardware.
Used only for internal storage.
Software encryption: Data is encrypted by using nodes’ CPU (encryption code leverages
AES-NI CPU instruction set). Used only for external storage.
Note: Software encryption is available in IBM Spectrum Virtualize code V7.6 and later.
To Next Page
Loading...
