Data storage

Zettaset XCrypt Full Disk

3min

This document provides information regarding configuring the



with the Zettaset XCrypt Full Disk solution through PKCS #11 and KMIP. For additional questions related to your

device, see the relevant user guide.

About Zettaset XCrypt Full Disk

Zettaset, a data protection solutions provider, developed XCrypt Full Disk, an encryption solution that protects physical and virtual environments. The primary function of XCrypt Full Disk is to encrypt a system's entire hard disk, ensuring that all data stored on the disk is secure and unreadable without the correct decryption key.

XCrypt Full Disk, designed with enterprise-level security in mind, uses AES-256 encryption, a high-security standard. This software is compatible with a wide range of storage types, including HDD, SSD, and NVMe.

Key features of Zettaset XCrypt Full Disk include:

  • Automated Key Management: XCrypt Full Disk has an automated key management system. This feature automates the process of managing encryption keys, which can be a complex task in a large enterprise environment.
  • High Performance: XCrypt Full Disk is designed not to impact system performance. This means that you can continue to use your system normally while the disk is being encrypted.
  • Compliance: With XCrypt Full Disk, organizations can meet compliance requirements for data protection regulations such as GDPR, CCPA, HIPAA, and others.
  • Compatibility: XCrypt Full Disk is compatible with various environments and operating systems.

Note that for more detailed and specific information, it would be best to contact Zettaset directly or refer to their official documentation.

XCrypt Full Disk deployment details

Zettaset XCrypt Full Disk is a partition-level encryption solution that delivers the security of the military-grade AES 256-bit encryption algorithm while yielding the high-performance ideal for bulk encryption and distributed environments.

XCrypt Full Disk encrypts entire partitions under the UNIX file system layer. When a partition is unlocked (by authenticating it to a key server and retrieving the key), the application unmounts the file system and makes it available. All users with sufficient UNIX file system permissions can read and write the plaintext. Those without permission cannot access the decrypted data.

Perform the installation from the command line.

The deployment relies on the following types of entities:

Installer: This device launches the initial Zettaset software installation. This node can be a target node or a separate device with access to the target nodes. It must have the Zettaset software and license files, ansible, and the client and CA certificates needed to communicate with any third-party Key Management device used. (You don't need certificates when using the Zettaset Key Manager.) After the initial installation, you can use the installer to add new nodes, but the installer doesn't have any more managerial functions.

Target Nodes: These nodes contain the partitions to be encrypted. After the Zettaset installation, each node contains the client and CA certificates needed to communicate with the Key Manager. Key rotation, decryption, and encryption of new partitions are done directly on the target nodes.

Key Manager: This secure device stores keys for the encrypted nodes. It also contains the CA used for secure communication with the target nodes. You can use a third-party Key Management device (such as

) or use the Zettaset software-based key server, which you can install anywhere in your cluster. The third-party Key Manager must be KMIP compliant.