Data protection
Zettaset XCrypt Full Disk
This document provides information about configuring the Vectera Plus HSM with the Zettaset XCrypt Full Disk solution through PKCS #11. For additional questions about your HSM, see the relevant user guide.

About Zettaset XCrypt Full Disk

Zettaset XCrypt Full Disk, an encryption solution developed by Zettaset, a data protection solutions provider, protects physical and virtual environments. The primary function of XCrypt Full Disk is to encrypt the entire hard disk of a system, ensuring that all data stored on the disk is secure and unreadable without the correct decryption key. Designed with enterprise-level security in mind, XCrypt Full Disk uses AES-256 encryption, which provides a high level of security. This software is compatible with a wide range of storage types, including but not limited to HDD, SSD, and NVMe.

Zettaset XCrypt Full Disk includes the following key features:

- Automated key management: XCrypt Full Disk comes with an automated key management system. This feature automates managing encryption keys, which can be a complex task in a large enterprise environment.
- High performance: XCrypt Full Disk is designed not to impact system performance. This means that you can continue to use your system normally while the disk is being encrypted.
- Compliance: With XCrypt Full Disk, organizations can meet compliance requirements for data protection and comply with regulations like GDPR, CCPA, HIPAA, and others.
- Compatibility: XCrypt Full Disk is compatible with various environments and operating systems, supporting both Linux and Windows environments.

For more detailed and specific information, we recommend contacting Zettaset directly or referring to their official documentation.

XCrypt Full Disk deployment details

Zettaset XCrypt Full Disk is a partition-level encryption solution that delivers the security of the military-grade AES 256-bit encryption algorithm while yielding the high performance ideal for bulk encryption and distributed environments. XCrypt Full Disk encrypts entire partitions under the Unix file system layer. When a partition is unlocked (by authenticating to a key server and retrieving the key), the file system is mounted and becomes available. All users with sufficient Unix file system permissions can read and write the plaintext. Those without permission cannot access the decrypted data.

You can install this solution from the command line, and the deployment relies on the following components:

- Installer: This device launches the initial Zettaset software installation. This node can be a target node or a separate device with access to the target nodes. It must have the Zettaset software and license files, Ansible, and the client and CA certificates needed to communicate with third-party key management devices. (You don't need certificates when using the Zettaset key manager.) After the initial installation, you can use the installer to add new nodes, but it has no managerial function.
- Target nodes: These nodes contain the partitions to be encrypted. After the Zettaset installation, each node contains the client and CA certificates needed to communicate with the key manager. Perform key rotation, decryption, and encryption of new partitions directly on the target nodes.
- Key manager: This secure device stores keys for the encrypted nodes. It also contains the CA used for secure communication with the target nodes. You can use a third-party key management device or the Zettaset software-based key server, installed anywhere in your cluster. If used, the third-party key manager must be KMIP compliant.

Guardian integration

The {{guard}} introduces mission-critical viability to core cryptographic infrastructure, including:

- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems

See the applicable guide in the {{futurex}} portal for configuring HSMs with the {{guard}}, including PKCS #11 and CNG configuration.