cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4416
Views
17
Helpful
0
Comments
beveritt
Cisco Employee
Cisco Employee

To view the video in a larger window, or full screen, click this link.

 

In many organizations, the security of the data generated and stored across varying systems and platforms is becoming a significant point of concern. The protection of data has traditionally been constrained to businesses where compliance with industry security standards is required, such as healthcare providers (HIPAA), financial accounting systems (SOX), and credit card transactions (PCI). In today's business environments, the protection of data, and the prevention of data loss and theft has now grown beyond these traditional scopes and reaches into many more datacenter landscapes.

 

HyperFlex clusters can be ordered with self-encrypting disks (SED) which encrypt all of the data stored on them, also known as data-at-rest encryption. In order to configure a HyperFlex cluster for encryption, all of the disks on all of the nodes of the cluster must be SEDs. Since the hardware handles all the encryption and decryption functions, no additional load is placed on the CPUs of the HyperFlex nodes, so encryption is enabled without any reduction in the usable load on the cluster. Storing the data in an encrypted format prevents data loss and data theft, by making the data on the disks unreadable if they are ever removed from the system.

 

Cisco HyperFlex builds on the SED support of the Cisco UCS platform to enable data-at-rest encryption of all the data stored across the entire HyperFlex cluster. Cisco HyperFlex can enable encryption by using additional cryptographic keys to lock the disks, called Authentication Keys (AK). These keys can be manually created, or for additional security they can be created and managed automatically from a central Key Management System (KSM) already present in your organization. In this video description and demonstration, we walk through the operation of HyperFlex encryption, and show how to enable this encryption using both local keys, and centrally managed keys using a SafeNet KeySecure KMS system from Gemalto.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: