Customers from different industries and institutions are very interested in Virtual SAN as a storage solution not just because of the technological value it delivers today, but because of the product’s undeniable value around operational efficiency, ease of management, and flexibility.
Some of these customers are from financial, healthcare and government institutions, and conduct their business in areas that are governed by regulatory compliance laws such as HIPPA, PCI-DSS, FedRAMP, Sarbanes-Oxley, etc. These laws demand compliance with numerous security measures, one of them being the ability to guarantee data integrity by securing data with some form of encryption.
Today Virtual SAN does not include encryption as one of its data services as this feature is currently under development for a future release. Now, when considering Virtual SAN as a potential solution wherever data encryption is a requirement based on regulatory compliance laws, it’s important to know what options are currently available.
In Virtual SAN the encryption data service capabilities are offloaded to hardware-based offerings available through Virtual SAN Ready Nodes. Data encryption data services are exclusively supported on Virtual SAN Ready Node appliances that are comprised with all of the certified and compatible hardware devices that provide encryption capabilities such as self-encrypting drives, and/or storage controllers. The Virtual SAN Ready Node appliances are offered by just about all the OEM hardware vendors that are part of VMware’s ecosystem.
An alternative option to the Virtual SAN Ready Nodes is a software based solution developed and offered by a company called Hytrust. Hytrust is one of the members of VMware’s partner ecosystem whose business is focused around the delivery of data security services for private and public cloud infrastructures. The solution I want to highlight in particular is called Hytrust DataControl.
Hytrust DataControl is a software-based solution that is designed with the capability of protecting virtual machines and their data throughout their entire lifecycle (from creating to decommission). Hytrust DataControl delivers both encryption and key management services.
This solution is built specifically to address the unique requirements of private, hybrid and public clouds, combining robust security, easy deployment, exceptional performance, infrastructure independence, and operational transparency. Hytrust DataControl ease of deployment and management capabilities complies with one of the main principles of Virtual SAN which is simplicity and ease of management.
Hytrust DataControl virtual machine edition is based on a software agent that encrypts data from within the Windows or Linux operating system of a virtual machine, ensuring protection and multi-tenancy of data in any infrastructure. DataControl also allows you to transfer files between VMs, so you can securely migrate stored data from your private to the public cloud.
The deployment of the Hytrust DataControl solution and installation and configuration of the software is done in a couple of easy steps which take just a few minutes. Once the software is resident, any data written to storage by an application will be encrypted both in motion, as it travels securely through the hypervisor and network, and also at rest on the Virtual SAN datastore.