
Nutanix and Data-at-Rest Encryption

Eric Wright, vExpert, Cisco Champion

Encryption is more than just an afterthought for businesses now. Offering encryption was once considered an over-the-top feature, but awareness of data vulnerability has increased, both on the wire and at rest. More and more data centers are encrypting traffic at the ingress and egress, but what happens once it lands inside the data center?

Nutanix has pushed their feature set to the next level with the 4.1 release of the Nutanix operating system. Along with many other features and improvements that debut in this point release, we have the inclusion of data-at-rest encryption. It is good to note that this does answer the data-at-rest requirement, but does not encrypt data in transit.

The data-at-rest encryption feature is being released with NOS 4.1 and allows Nutanix customers to encrypt storage using a strong encryption algorithm and to allow access to this data (decrypt) only when presented with the correct credentials. It is compliant with regulatory requirements for data-at-rest encryption.

This release includes many encryption-related features, including the ability to encrypt cluster-wide and to enable or disable encryption instantaneously, and they even tout instantaneous secure erasure of disks. There is much more to it than that, but the ability to turn the feature on and off with live data present is something many will like. In other words, you have the option to use it as needed if you are not ready to enable the features at launch.

BYO-Key

While the software features are included in the Nutanix OS once you update your environment, you will be required to have a key management server:

At the time of the launch only ESXi is supported and only the SafeNet KeySecure Cryptographic Key Management System is certified, but other key management systems will be supported.

This does limit customers who are using Nutanix for their Hyper-V and KVM deployments, but we can anticipate that those platforms may follow suit in the near future to provide the same features.

Once we see customers adopting encryption as part of their standard operating procedure, there will be much more demand for these types of features on our storage and converged platforms. Hyper-convergence introduces new efficiency, and by providing virtualization compute and storage in this new model of delivery with encryption added, there will inevitably be more customers eyeing Nutanix as their potential go-to platform.

For a full list of features and a great breakdown of what Nutanix data-at-rest encryption on NOS 4.1 will look like, you can visit Andre Leibovici’s site here for his post on it.

 
