Secure Data Transfer

Secure Data Transfer (SDT) provides a way to securely read and write logical volume data between clusters within a grid.

Logical volume copies are encrypted only when encryption is enabled on both ends of a copy transaction. If either cluster in the pair does not have encryption enabled, the logical volume is not encrypted.

SDT uses OpenSSL software libraries with the TLS1.2 protocol following AES standards. Both AES-256 and AES-128 keys are supported. Logical volume data is encrypted within the TS7700 prior to transport, so no special network requirements are needed.

During logical volume transfers, each TS7700 can act as a client or a server depending on the direction of data travel. The client always initiates the data transfer request. As a server, a TS7700 always supports both AES-256 and AES-128. As a client, the key size used depends on the selection made on the Secure Data Transfer page of the TS7700 Management Interface when SDT is enabled. During the key exchange process, the highest common key will be used.

Table 1. Examples of highest common key
C0         C1         Highest common key
AES256     AES256     AES256
AES256     AES128     AES128
AES128     AES128     AES128
disable    AES256     disable
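
An added example (not IBM code) that applies the Table 1 rule to every cluster pair in a grid and flags copies that would run unencrypted or below a chosen key size. It assumes the rule is symmetric, as Table 1 shows; the cluster names, the `required` policy parameter and the sample grid are constructed for illustration.

```python
from itertools import combinations

# Strength ranking for the SDT settings named in Table 1.
STRENGTH = {"disable": 0, "AES128": 1, "AES256": 2}


def highest_common_key(a, b):
    """Effective setting for a copy between two clusters, per Table 1."""
    for s in (a, b):
        if s not in STRENGTH:
            raise ValueError(f"unknown SDT setting: {s!r}")
    # Encryption needs both ends enabled; otherwise the weaker key size wins.
    return min(a, b, key=STRENGTH.__getitem__)


def audit_grid(settings, required="AES256"):
    """Return (pair, effective, finding) for every cluster pair in the grid.

    `required` is a hypothetical site policy, not a TS7700 option.
    """
    findings = []
    for (c1, s1), (c2, s2) in combinations(sorted(settings.items()), 2):
        eff = highest_common_key(s1, s2)
        if eff == "disable":
            finding = "UNENCRYPTED"
        elif STRENGTH[eff] < STRENGTH[required]:
            finding = "BELOW_POLICY"
        else:
            finding = "OK"
        findings.append(((c1, c2), eff, finding))
    return findings


# Constructed sample grid: cluster names and settings are illustrative only.
SAMPLE_GRID = {"C0": "AES256", "C1": "AES128", "C2": "disable", "C3": "AES256"}

if __name__ == "__main__":
    for (a, b), eff, finding in audit_grid(SAMPLE_GRID):
        print(f"{a} <-> {b}: {eff:8} {finding}")
```

A single cluster left at `disable` makes every copy to or from it unencrypted, regardless of what its peers have selected.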

Feature Code 5281 is required to enable SDT. SDT cannot be enabled on a stand-alone TS7700.

To access the Secure Data Transfer page within the Management Interface, go to Settings > Cluster Settings > Secure Data Transfer.

The SDT options are:
  • Encryption: This allows customers to enable or disable encryption and select an AES encryption key size via the MI as a concurrent activity. Selecting a key size automatically enables encryption for this TS7700.
    Encryption Option    Description
    Disabled             Encryption is disabled
    AES-128              Encryption is enabled with 128 bit encryption
    AES-256              Encryption is enabled with 256 bit encryption
  • Protocol: TS7700 supports TLS1.2.
  • SSL Certificate: The TS7700 uses a default certificate known as “lwiks” for SDT server authentication. Users can optionally upload their own trusted certificates from the MI SSL Certificate panel at Access > SSL Certificate.