...
Swarm provides an option to encrypt all user data on drive volumes. Swarm encrypts the data as it writes it to the drive and decrypts it on access. Because this occurs down at the kernel level, the effect is invisible: there is no difference in accessing encrypted versus unencrypted objects. Encryption is controlled entirely through [disk] settings in the configuration, but these cannot be changed dynamically (using the Swarm UI or SNMP).
Note |
---|
Warning: Due to the high CPU and IO requirements of encryption at rest, using this feature is not recommended in storage virtual machine deployments. |
What it Protects
Swarm volumes generally contain sensitive and proprietary client information. Implementing encryption at rest provides two types of protection:
...
Encrypting and decrypting during reads and writes is CPU-intensive; you can typically expect a 10-30% performance overhead, depending on workload and hardware. The 2010 Intel Core processor family and later include special AES-NI instructions that implement the more complex and performance-intensive steps of AES encryption. AMD has implemented these instructions in processors starting late in 2011. Swarm's kernel takes advantage of the AES-NI instruction set if it is available in the CPU.
For more information, see Intel Advanced Encryption Standard Instructions (https://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni) and Wikipedia AES instruction set (https://wikipedia.org/wiki/AES_instruction_set).
Info |
---|
Tip: To determine if a given processor has AES-NI support, run |
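One way to check for AES-NI on a Linux x86 host before enabling encryption at rest, added here as an example and not taken from the Swarm documentation. It assumes the `/proc/cpuinfo` format; the function names `aesni_status` and `sample_cpuinfo` are hypothetical.

```shell
#!/bin/sh
# Added example (not Swarm code): report whether the CPUs advertise the
# AES-NI feature flag, reading /proc/cpuinfo-format text.
#
# Usage: aesni_status /proc/cpuinfo     (or pipe the text on stdin)
# Prints "all", "partial" or "none" for the logical CPUs listed.
aesni_status() {
    awk -F: '
        # Each logical CPU has one "flags" line of space-separated features.
        # Anchoring on ^flags skips other lines such as "vmx flags".
        $1 ~ /^flags[ \t]*$/ {
            total++
            n = split($2, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == "aes") {      # whole word, so "vaes" alone does not count
                    with_aes++
                    break
                }
        }
        END {
            if (total == 0 || with_aes == 0) print "none"
            else if (with_aes == total)      print "all"
            else                             print "partial"
        }
    ' "$@"
}

# Constructed sample input: two logical CPUs, the second without the aes flag.
sample_cpuinfo() {
    printf 'processor\t: 0\nflags\t\t: fpu sse2 aes avx\n'
    printf 'processor\t: 1\nflags\t\t: fpu sse2 vaes avx\n'
}

sample_cpuinfo | aesni_status
```

A result of `none` on AES-NI-capable hardware usually means the feature is disabled in firmware or hidden by a hypervisor, so the encryption overhead described above would be carried entirely in software.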
...