Question

Local Key Manager (LKM) for DaRE

  • 14 March 2023
  • 0 replies
  • 40 views

Greetings, 

Does the Nutanix Local Key Manager (LKM) satisfy the recommendations/requirements to safely implement the Data at Rest Encryption?

The documentation at: https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_5:wc-security-data-encryption-aos-wc-c.html has the warning: "Caution: DO NOT HOST A KEY MANAGEMENT SERVER VM ON THE ENCRYPTED CLUSTER THAT IS USING IT!! Doing so could result in complete data loss if there is a problem with the VM while it is hosted in that cluster." 

I too share this concern, which led me to investigate External Key Managers, but I am wondering how does using the LKM alleviate this risk? Also, as stated in the Nutanix Bible as well as here: https://portal.nutanix.com/page/documents/solutions/details?targetId=TN-2026-Information-Security:TN-2026-Information-Security 

"Now that Nutanix supports its own native LKM, Nutanix also takes the KEK and wraps it with a 256-bit encryption key called the machine encryption key (MEK). The MEK is distributed among the CVMs in the cluster using a splitting algorithm.Since the MEK is shared, each node can read what other nodes have written. To reconstruct the keys, a majority of the nodes need to be present. We use the equation K = ceiling (n / 2) to determine how many nodes are required for the majority. For example, in an 11-node cluster (n = 11), we would need 6 nodes online to decrypt the data." In the minimum 3-node cluster, which is what I have; that makes K = 2. What happens in the event that 2 of the 3 nodes are unavailable? 


This topic has been closed for comments