Secure Data Transfer
Secure Data Transfer (SDT) provides a way to securely read and write logical volume data between clusters within a grid.
When you enable SDT, both logical volume data and certificates are encrypted while being transferred.
Logical volume copies are encrypted only when encryption is enabled on both ends of a copy transaction. If either cluster in the pair does not have encryption enabled, the logical volume is not encrypted.
SDT uses OpenSSL software libraries with the TLS 1.2 protocol, following AES standards. Both 256-bit and 128-bit AES keys are supported. Logical volume data is encrypted within the TS7700 prior to transport, so no special network requirements are needed.
During logical volume transfers, each TS7700 acts as a client or a server depending on the direction of data travel. The client always initiates the data transfer request. As a server, a TS7700 always supports both AES-256 and AES-128. As a client, the key size used depends on the selection made on the Secure Data Transfer page of the TS7700 Management Interface when SDT is enabled. During the key exchange process, the highest common key is used.
C0 | C1 | "highest common key" |
---|---|---|
AES256 | AES256 | AES256 |
AES256 | AES128 | AES128 |
AES128 | AES128 | AES128 |
disable | AES256 | disable |
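
The pairing rule in the table above can be applied to a whole grid to find cluster pairs whose copies travel unencrypted or fall back to AES-128. This is an added example, not IBM code: the cluster names, the sample settings, and the `PLAINTEXT`/`DOWNGRADE`/`OK` finding labels are assumptions made for illustration.

```python
"""Audit SDT settings across a grid (added example, not IBM code)."""
from itertools import combinations

# Key strength in bits per MI setting; 0 means SDT encryption is disabled.
STRENGTH = {"disable": 0, "AES128": 128, "AES256": 256}


def negotiated(a: str, b: str) -> str:
    """Return the "highest common key" for a pair of cluster settings.

    Per the table above: if either end is disabled the copy is not
    encrypted; otherwise the weaker of the two settings is used.
    """
    for s in (a, b):
        if s not in STRENGTH:
            raise ValueError(f"unknown SDT setting: {s!r}")
    return min(a, b, key=STRENGTH.__getitem__)


def audit_grid(settings: dict[str, str]) -> list[tuple[str, str, str, str]]:
    """Evaluate every cluster pair; return (c1, c2, result, finding)."""
    report = []
    for (c1, s1), (c2, s2) in combinations(sorted(settings.items()), 2):
        result = negotiated(s1, s2)
        if result == "disable":
            finding = "PLAINTEXT"   # at least one end has SDT off
        elif s1 != s2:
            finding = "DOWNGRADE"   # the AES-256 end falls back to AES-128
        else:
            finding = "OK"
        report.append((c1, c2, result, finding))
    return report


if __name__ == "__main__":
    # Constructed sample grid: cluster names and settings are made up.
    grid = {"C0": "AES256", "C1": "AES128", "C2": "disable", "C3": "AES256"}
    for c1, c2, result, finding in audit_grid(grid):
        print(f"{c1} <-> {c2}: {result:8} {finding}")
```
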
Feature Code 5281 is required to enable SDT. SDT cannot be enabled on a stand-alone TS7700.
To access the Secure Data Transfer page within the Management Interface, go to Settings > Cluster Settings > Secure Data Transfer.
- Encryption: This allows customers to enable/disable encryption and select an AES encryption key size through the MI as a concurrent activity. Selecting a key size automatically enables encryption for this TS7700.

  Encryption Option | Description |
  ---|---|
  Disabled | Encryption is disabled |
  AES-128 | Encryption is enabled with 128-bit encryption |
  AES-256 | Encryption is enabled with 256-bit encryption |

- Protocol: TS7700 supports TLS 1.2.
- SSL Certificate: The TS7700 uses a default certificate known as “lwiks” for SDT server authentication. Users can optionally upload their own trusted certificates from the MI SSL Certificate panel at Access > SSL Certificate.