We have a new cluster running AOS6.10 AHV which is nearly ready to go into production it will be replacing two older clusters running ESX. Currently it has no encryption enabled. What is the best option, pros\cons of full cluster encryption compared to Entity Encryption (VM) using storage policies? Its a 4 node cluster and will be hosting around 170 VM’s.
Entity Encryption or Data-at-Rest Encryption cluster encryption??
Best answer by jmotto9
It all depends on the security standard the data requires. The safest suggestion unless you require the highest level (federal government security standard) would be to just encrypt the storage containers. Then worst case scenario is you lose your data and have to restore from backups into new storage containers instead of rebuilding the entire cluster. you can do this with encryption at rest. Encryption each individual entity sounds like alot of extra work and management. If you elect to not encrypt the cluster as well then you can have both non encrypted and encrypted storage containers if required. performance impacts are near 0
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.