Explain Data-at-Rest Encryption (DARE) functionality
The data-at-rest encryption feature is being released with NOS 4.1 and allows Nutanix customers to encrypt storage using a strong encryption algorithm, with access to this data (decryption) allowed only when the correct credentials are presented. It is compliant with regulatory requirements for data-at-rest encryption.
Nutanix data-at-rest encryption leverages FIPS 140-2 Level-2 validated self-encrypting drives, making it future-proof, since it uses the open standard protocols KMIP and TCG.
Nutanix provides data-at-rest encryption via three main options:
- Native software-based encryption (FIPS 140-2 Level-1) (released in 5.5)
- Using self-encrypting drives (SED) (FIPS 140-2 Level-2)
- Software + hardware encryption
This encryption is configured at either the cluster or the container level, and is dependent on the hypervisor type:
- Cluster level encryption:
  - AHV, ESXi, Hyper-V
- Container level encryption:
  - ESXi, Hyper-V