Zettaset XCrypt Full Disk
This document provides information about configuring the Vectera Plus HSM with the Zettaset XCrypt Full Disk solution through PKCS #11. For additional questions about your HSM, see the relevant user guide.
Zettaset XCrypt Full Disk, an encryption solution developed by Zettaset, a data protection solutions provider, protects physical and virtual environments. The primary function of XCrypt Full Disk is to encrypt the entire hard disk of a system, ensuring that all data stored on the disk is secure and unreadable without the correct decryption key.
Designed with enterprise-level security in mind, XCrypt Full Disk uses AES-256 encryption, which provides a high level of security. This software is compatible with a wide range of storage types, including but not limited to HDD, SSD, and NVMe.
Zettaset XCrypt Full Disk includes the following key features:
Automated Key Management
XCrypt Full Disk comes with an automated key management system. This feature automates the management of encryption keys, which can be a complex task in a large enterprise environment.
High Performance
XCrypt Full Disk is designed not to impact system performance. This means that you can continue to use your system normally while the disk is being encrypted.
Compliance
With XCrypt Full Disk, organizations can meet compliance requirements for data protection and comply with regulations like GDPR, CCPA, HIPAA, and others.
Compatibility
XCrypt Full Disk is compatible with various environments and operating systems, supporting both Linux and Windows environments.
For more detailed and specific information, we recommend contacting Zettaset directly or referring to their official documentation.
Zettaset XCrypt Full Disk is a partition-level encryption solution that uses the military-grade AES 256-bit encryption algorithm while delivering the high performance needed for bulk encryption and distributed environments.
XCrypt Full Disk encrypts entire partitions beneath the UNIX file system layer. When a partition is unlocked (by authenticating to a key server and retrieving the key), the file system is mounted and becomes available. From that point, access is governed by UNIX file system permissions: all users with sufficient permissions can read and write the plaintext, and those without permission cannot access the decrypted data.
You can install this solution from the command line, and the deployment relies on the following components:
Installer
This device launches the initial Zettaset software installation. This node can be a target node or a separate device with access to the target nodes. It must have the Zettaset software and license files, Ansible, and the client and CA certificates needed to communicate with third-party Key Management devices. (You don't need certificates when using the Zettaset Key Manager.) After the initial installation, you can use the installer to add new nodes, but it has no managerial function.
Target Nodes
These nodes contain the partitions to be encrypted. After the Zettaset installation, each node contains the client and CA certificates needed to communicate with the Key Manager. Perform key rotation, decryption, and encryption of new partitions directly on the target nodes.
Key Manager
This secure device stores keys for the encrypted nodes. It also contains the CA used for secure communication with the target nodes. You can use a third-party key management device or the Zettaset software-based key server, installed anywhere in your cluster. If used, the third-party Key Manager must be KMIP compliant.
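The installer and the target nodes both depend on client and CA certificates to reach a third-party Key Manager. As an added example (not Zettaset or Futurex code), the shell function below checks such a certificate set offline before installation: chain to the CA, certificate and key pairing, remaining validity, and private key file permissions. The function name, argument order, and 30-day default are assumptions made for this example, and the private key is assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example: offline preflight for the client/CA certificate set used to
# reach a third-party (KMIP) Key Manager. Not vendor code; the function name,
# argument order and 30-day default are assumptions of this example.
#
# Usage: check_km_certs CLIENT_CERT CLIENT_KEY CA_CERT [MIN_DAYS]
# Prints one line per problem; the return status is the number of problems.
check_km_certs() {
    cert=$1; key=$2; ca=$3; min_days=${4:-30}
    problems=0

    for f in "$cert" "$key" "$ca"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ] || return "$problems"

    # The client certificate must chain to the CA certificate.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "does not chain to $ca: $cert"
        problems=$((problems + 1))
    fi

    # Certificate and private key must be a pair, or the TLS handshake fails.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate: $key"
        problems=$((problems + 1))
    fi

    # Flag anything that expires within MIN_DAYS.
    for f in "$cert" "$ca"; do
        if ! openssl x509 -in "$f" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
            echo "expires within $min_days days (or is unreadable): $f"
            problems=$((problems + 1))
        fi
    done

    # The private key should be accessible to its owner only.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "group/other permissions set on private key: $key"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Run it on the installer before deployment and again on each target node after installation; a non-zero status means the node is likely to fail when it tries to retrieve keys.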