跳转到主内容

分层时冷加密的加密块是否也已加密?

Views:
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core<a>2009年292751</a>
Last Updated:

适用场景

  • ONTAP 9
  • 加密
  • FabricPool

问题解答

Security
FabricPool 在本地层、云层以及在各层之间移动数据时通过线缆保持AES-256-GCM加密。

本地层

  • FabricPool 支持NetApp存储加密(NetApp Storage Encryption、NSE)、NetApp卷加密(NetApp Volume Encryption、NVE)和NetApp聚合加密(NetApp Aggregate Encryption、NAE)。
  • 使用FabricPool 不需要NSE、NVE或NAE。

通过线缆

  • 在本地层和云层之间移动的对象使用AES-256-GCM使用TLS 1.2进行加密。
  • 不支持其他加密模式、例如CCM。在某种程度上、加密会影响连接(延迟)、因为对象存储必须使用CPU周期对数据进行解密。
  • 支持在不使用TLS加密的情况下与对象存储进行通信、但不建议这样做。

云层

  • 迁移到云层时、由NVE/NAE加密的所有对象都将保持加密状态。
  • 客户端加密密钥归ONTAP 所有。

追加信息

请参见 FabricPool 最佳实践

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.
Scan to view the article on your device