6 Replies Latest reply: Oct 15, 2012 3:34 PM by Rich RSS

Can VNX encrypt data?


Can the VNX or any other EMC Storage Array encrypt data at rest?

  • 1. Re: Can VNX encrypt data?

    for block storage ? not natively, you can use PowerPath encryption enabler with RSA

  • 2. Re: Can VNX encrypt data?

    VMAX on the other hand can do it the engine so there is no need for any host software.

  • 3. Re: Can VNX encrypt data?



    What is meant by "Data is encrypted where created"?  I found this in the Security and Compliance Suite for VNX.


    Security and Compliance
    Protects data from unwanted changes and other actions. Data is encrypted where created and protected anywhere outside the server. File-level retention supports compliance

  • 4. Re: Can VNX encrypt data?

    For block there is no native encryption so this must be referring to file. A while back there was an option to purchase celerra with brocade switches that would encrypt data between datamovers and backend storage ..not sure if this option is available for VNX.

  • 5. Re: Can VNX encrypt data?

    Thanks again. 

  • 6. Re: Can VNX encrypt data?

    The Security and Encryption Suite for VNX includes licenses for a few Block and File features.  Specifically for encryption, the suite includes the right to use PowerPath Encryption for any hosts attached to that VNX.  The RSA key manager is still required to manage the keys, but the suite provides the powerpath portion of the licenses.


    For VNX and Clariion, as others have mentioned, use PowerPath Encryption Enabler with RSA.  This provides encryption from the host all the way to the storage and prevents other hosts from mounting the volume.


    For VMAX, you can use PowerPath Encryption Enabler as well, or if you are just concerned with protecting the data when drives fail, or the array hardware is decommissioned/sold, you can order VMAX with built-in data-at-rest-encryption which encrypts every disk with it's own key.  If any disk is removed from the array, the data on that disk is unreadable.  This *helps* companies comply with some of the PCI, HIPPA, and SOX rules.


    For NAS Data, also mentioned is that you can insert the Brocade encryption appliance between the NAS gateway and the backend block storage.  This is similar to the data-at-rest-encryption available with VMAX, but does not provide end-to-end encryption of the data, ie: from client to NAS.