Encryption and key management

The IBM Storage Ceph cluster typically resides in its own network security zone, especially when using a private storage cluster network. In some cases, security requirements call for assuring the confidentiality or integrity of network traffic, and this is where IBM Storage Ceph uses encryption and key management.

Note: Security zone separation might be insufficient for protection if an attacker gains access to Ceph clients on the public network.

The following cases are examples of when encryption and key management are used:
  • SSH
  • SSL Termination
  • Messenger v2 protocol
  • Encryption in Transit
  • Compression modes of messenger v2 protocol
  • Encryption at Rest
  • Key rotation