How does SvSAN’s data encryption feature handle various failure scenarios?
Data encryption was launched as a feature in SvSAN 6.2 Advanced Edition. Data encryption is a highly effective and (in this case) low cost method of protecting data, which makes it perfect for edge environments.
What makes SvSAN with Data Encryption different from other solutions is that it does not require the end user to purchase additional hardware (self encrypting drives, special IO cards etc). Complex technology, simplified through a 100% software approach.
An unbelievably flexible solution, SvSAN with Data Encryption is compatible with any KMIP compliant Key Management System (KMS). We’ve updated our Data Encryption: Best Practices for Edge Environments white paper to include common failure scenarios and expected behaviour during KMS failure and subsequent recovery. You can download the full white paper here.
The failure scenarios outline normal running state:
- how the system stays online and running in the case of single KMS server failure
- how full KMS failure can keep running through SvSAN, if the VSAs are online, and recover automatically when the KMS comes back online
- the recovery process for total KMS failure and an offline/rebooting VSA
- and the recovery process for if the keys are revoked or deactivated on the KMS server.
The white paper comprehensively demonstrates each of these failure scenarios, illustrating how SvSAN keeps FIPS 140-2 compliant, encrypted, shared storage running, in the case of KMS failure. In all of the failure cases outlined, SvSAN kept the edge site running and secure, avoiding any downtime and rarely requiring a technician to recover the system.