Installation & Configuration


Data at Rest Encryption Cold Reboot - Testing

Adventurer

Hi,

 

Have a Nutanix cluster using Vormetric Key Management and SEDs.

The test is to disconnect the key managers from the network and do a power-off reboot of a Nutanix node.

 

We expected the machine to come up with ESXi from the SATADOM boot, but there was a CVM also loaded. All of the cluster services were down and the node wasn't functional, but we were surprised to see the CVM had started.

Is this expected behavior? Our understanding was that the CVM was stored on the drives (which should have been locked), or did we just see the SVMBOOT portion of the CVM and it wasn't really all there?

 

Thanks for any feedback.

Bob

 

Accepted Solutions
Chevalier

Re: Data at Rest Encryption Cold Reboot - Testing

The SATADOM houses the hypervisor and the base config of the CVM, as well as the svmboot.iso used by the CVM to boot.

So whenever KMIP is disconnected from the box, the CVM will always be able to start.

Communication between ESXi and the CVM boot partition is not encrypted.

Data is only encrypted when it touches the SED drives.

You can try by unmounting the SED drives and mounting them on another system.

Adventurer

Re: Data at Rest Encryption Cold Reboot - Testing

Ok - so it sounds like the CVM starting (but not operational) is expected behavior.

Thanks 

That is really the validation I was looking for.

Community Manager

Re: Data at Rest Encryption Cold Reboot - Testing

Great to see you helping the community @bezeddin - we are lucky to have you!