Forums

Home / Forums

You need to log in to create posts and topics. Login · Register

encryption at rest

Hi, I was just reading this article around Ceph and encryption at rest. Is this something that will be able to be leveraged with PetaSAN (assuming required 3rd party systems are in place as described in the article, i.e Hashi corp Vault, etc..)?

https://ubuntu.com//blog/ceph-encryption-at-rest?mkt_tok=eyJpIjoiWmpneVlUUXhZV1ExWWpCayIsInQiOiJDTDNJOVJhK0pFeFJxYXp4TnpaTGY3N1pKc1wvMmlVRHpuek43RnY0NUFJcDg4d2RpOHAyRVlsZHlpQVU2cExZXC9IK0R3dHI1aktmbzA2MjhmOGxWUU54c3l3bFJRRmhNMmNzOGJia01qK3hcLzFnamVMeVRpeHgxQVRtKzNNcnIyMCJ9

or would this not be an option for PetaSAN?

The reason for the question is that we are looking at options for encryption at rest within a VMware environment  so far the options are:

1, SAN with encryption

2, VMWare VSAN with encryption

3, VMWare virtual machine encryption

Options 2 + 3 require a VMWare approved KMS solution which are very expensive to own. There does not seem to be any option to leverage cloud KMS solutions while having on prem solution for the KMS side to get round this.

I would expect the Hashi corp vault technology to be more cost friendly, as such having encryption at rest with Ceph while having the flexibility and managability of PetaSAN would be a great advantage.