Primary Storage

Hello,

I'm starting a deployment where the customer has encryption licenses on the backend storage (FS7300 with FCMs) and on the frontend (SVC3).

The request is to enable encryption with USB + key servers.

Usually I see deployment with SVC where only the backend storage is encrypted, in this scenario makes sense to activate encryption on both the frontend and backend? what's the best practice?

thanks

Hello,

I'm starting a deployment where the customer has encryption licenses on the backend storage (FS7300 with FCMs) and on the frontend (SVC3).

The request is to enable encryption with USB + key servers.

Usually I see deployment with SVC where only the backend storage is encrypted, in this scenario makes sense to activate encryption on both the frontend and backend? what's the best practice?

thanks

Hi,

Is it possible to to disable the encryption in the FS7300 Side (FCM) ?

Thanks, 

Alex

Hello,

I'm starting a deployment where the customer has encryption licenses on the backend storage (FS7300 with FCMs) and on the frontend (SVC3).

The request is to enable encryption with USB + key servers.

Usually I see deployment with SVC where only the backend storage is encrypted, in this scenario makes sense to activate encryption on both the frontend and backend? what's the best practice?

thanks

Hello,

I'm starting a deployment where the customer has encryption licenses on the backend storage (FS7300 with FCMs) and on the frontend (SVC3).

The request is to enable encryption with USB + key servers.

Usually I see deployment with SVC where only the backend storage is encrypted, in this scenario makes sense to activate encryption on both the frontend and backend? what's the best practice?

thanks

Hello Davide,
The problem is that the encryption (Data at Rest), if you use it on the SVC, will negatively affect the compression of the FCMs in the FlashSystem. Therefore the best practice is to encrypt this on the flash system. Encryption on the SVC should only be used on storage systems that are not capable of it themselves.

Greetings Patrik

Hello,

I'm starting a deployment where the customer has encryption licenses on the backend storage (FS7300 with FCMs) and on the frontend (SVC3).

The request is to enable encryption with USB + key servers.

Usually I see deployment with SVC where only the backend storage is encrypted, in this scenario makes sense to activate encryption on both the frontend and backend? what's the best practice?

thanks

The general rule is to do Encryption after compression (otherwise the data is not compressible).

If you are using DRP compression, then the SVC is an appropriate place to do the encryption (and it uses AES-NI commands in Intel which are marginally impacting, but generally speaking, that is not significant in an SVC appliance).

However, if you are relying on FCMs for the compression, it is better to do the encryption for the data at rest on the FlashSystem (as the drives are all SED).  This ensures best compression savings + encryption of data at rest.

There are other considerations such as how much of the data is on the network unencrypted and what your security policies are, however, the above should sort the basic case for encryption of data at rest.

Hello Davide,
The problem is that the encryption (Data at Rest), if you use it on the SVC, will negatively affect the compression of the FCMs in the FlashSystem. Therefore the best practice is to encrypt this on the flash system. Encryption on the SVC should only be used on storage systems that are not capable of it themselves.

Greetings Patrik

Hello,

I'm starting a deployment where the customer has encryption licenses on the backend storage (FS7300 with FCMs) and on the frontend (SVC3).

The request is to enable encryption with USB + key servers.

Usually I see deployment with SVC where only the backend storage is encrypted, in this scenario makes sense to activate encryption on both the frontend and backend? what's the best practice?

thanks