Q. Does Nutanix support inline encryption?
- Inline encryption is not currently supported on the Nutanix platform. However Data At Rest Encryption (DARE) of two kinds is supported:
- Using Self Encrypted Drives (SED) is supported
Security Guide v5.16: Preparing for Data-at-Rest Encryption (SEDs)
Security Guide v5.16: Configuring Data-at-Rest Encryption (SEDs)
- Software Only Data Encryption
Security Guide: Data-at-Rest-Encryption (Software Only)
Q. How do I know that the data is encrypted?
- More details around the encryption status and logs can be viewed via the nCLI, using REST APIs or PowerShell cmdlets. KB-7846 How to verify that data is encrypted with Nutanix data-at-rest encryption
Q. Is it possible to monitor the encryption?
- Monitoring of the encryption state is done via our Nutanix Cluster Checks (NCC) that generate an alert on any issue detected within the cluster. Please keep in mind that enabling encryption is a cluster-scope setting.
Q. What is recommended sizing of the CVM to accommodate additional workload generated by the encryption?
- Generally CVM’s with 32GB of memory should cover all bases. Overhead of the encryption is minimal.
Acropolis Advanced Administration Guide: Controller VM Memory and vCPU Configurations
Q. How does Data at Rest Encryption work?
- For more details on DARE on our platform, please refer to the Data Encryption and Key Management section in the Nutanix Bible, or as mentioned above, the Security Guide. Nutanix Bible: Security and Encryption