Nutanix software data encryption with native key management server


Since AOS 5.5 you can use software encryption to secure data on Nutanix instead of self-encrypting drives (SEDs). With AOS 5.5, enabling encryption requires an external key management system (KMS) to manage the encryption keys. With the AOS 5.8 release, Nutanix introduced a native local key management system (Native KMS): a software solution built into Acropolis that helps you reduce infrastructure and certificate management complexity by replacing external (hardware-based) KMS solutions.

NOTE: External KMS solutions are still supported. As of today (Sep 5, 2018), the following external KMS systems are supported:

  • Gemalto SafeNet
  • Vormetric
  • IBM SKLM
  • WinMagic
  • Fornetix

Software-based encryption is supported on:

  • cluster level for Nutanix AHV, VMware vSphere and Microsoft Hyper-V
  • container level – VMware vSphere and Microsoft Hyper-V

How to enable Nutanix Software encryption with a native key management system.

Requirements:

  • AOS 5.8
  • at least 3 node cluster
  • hypervisors:
    • Nutanix AHV
    • VMware vSphere
    • Microsoft Hyper-V
  • encryption licenses

NOTE: As of today (Sep 5, 2018), on Nutanix with AHV you can enable software encryption only on an empty cluster (without any guest VMs).

  • Apply the encryption license to the cluster.
  • To enable software encryption on the Nutanix cluster, log in to Prism Element and choose Data-at-Rest Encryption from the main menu. Choose Cluster’s local KMS.
  • Save the KMS type.

  • That’s it. Encryption on the cluster has been enabled. The next step is to back up the encryption keys and store them in a safe place outside of the cluster.

    Backup encryption keys

    Now the system is ready to encrypt the data. You can enable encryption in the advanced settings of the container.

    Enable encryption on container


Artur Krzywdzinski

Artur is a Consulting Architect at Nutanix. He has been using, designing and deploying VMware-based solutions since 2005 and Microsoft since 2012. He specializes in designing and implementing private and hybrid cloud solutions based on VMware and Microsoft software stacks, datacenter migrations and transformation, and disaster avoidance. Artur holds the VMware Certified Design Expert certification (VCDX #077).
