Zettaset XCrypt Full Disk
This document provides information regarding configuring the Futurex Vectera Plus HSM with Zettaset's XCrypt Full Disk solution through PKCS #11. For additional questions related to your HSM, see the relevant user guide.
Zettaset XCrypt Full Disk is an encryption solution designed to protect physical and virtual environments. This software is developed by Zettaset, a data protection solutions provider. The primary function of XCrypt Full Disk is to encrypt the entire hard disk of a system, ensuring that all data stored on the disk is secure and unreadable without the correct decryption key.
XCrypt Full Disk is designed with enterprise-level security in mind. It uses AES-256 encryption, which is a high standard of encryption that provides a high level of security. This software is compatible with a wide range of storage types, including but not limited to HDD, SSD, and NVMe.
Key features of Zettaset XCrypt Full Disk include:
Automated Key Management
XCrypt Full Disk comes with an automated key management system. This feature automates the process of managing encryption keys, which can be a complex task in a large enterprise environment.
High Performance
XCrypt Full Disk is designed not to impact system performance. This means that users can continue to use their system as normal while the disk is being encrypted.
Compliance
With XCrypt Full Disk, organizations can meet compliance requirements for data protection. This software helps organizations comply with regulations like GDPR, CCPA, HIPAA, and others.
Compatibility
XCrypt Full Disk is compatible with a wide range of environments and operating systems. It supports both Linux and Windows environments.
Please note that for more detailed and specific information, it would be best to directly contact Zettaset or refer to their official documentation.
Zettaset XCrypt Full Disk is a partition-level encryption solution that delivers the security of the military-grade AES 256-bit encryption algorithm while yielding the high-performance ideal for bulk encryption and distributed environments.
XCrypt Full Disk encrypts entire partitions under the UNIX file system layer. When a partition is unlocked (by authenticating to a key server and retrieving the key) the file system is mounted and becomes available. All users with sufficient UNIX file system permissions can read and write the plaintext. Those without permission cannot access the decrypted data.
Installation is performed from the command line.
The deployment relies on three types of entities:
Installer
This is the device used to launch the initial Zettaset software installation. This node can be a target node, or a separate device with access to the target nodes. It must have the Zettaset software and license files, ansible, and the client and CA certificates needed to communicate with any 3rd-party Key Management device used. (No certificates are needed when using Zettaset’s own Key Manager.) After the initial installation, the installer can be used to add new nodes, but it doesn’t have any more managerial function.
Target Nodes
These are the nodes that contain the partitions to be encrypted. After the Zettaset installation, each node will contain the client and CA certificates needed to communicate with the Key Manager. Key rotation, decryption, and encryption of new partitions are done directly on the target nodes.
Key Manager
This is the secure device used to store keys for the encrypted nodes. It also contains the CA used for secure communication with the target nodes. You can use a 3rd-party Key Management device, or use Zettaset’s software-based key server, which can be installed anywhere in your cluster. The 3rd-party Key Manager must be KMIP compliant.
The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems
See the applicable guide in the Futurex Portal, which covers how to use the Guardian Series 3 to configure HSMs for PKCS #11 integrations.