QuantaStor SDS End-to-End Encryption and Security
Maintaining secure systems is an increasingly important focus and practice for all IT organizations. To ensure strong security enforcement, QuantaStor SDS includes end-to-end security coverage, enabling multi-layer data protection “on the wire” and “at rest” for enterprise and cloud storage deployments. QuantaStor SDS end-to-end security combines protocol-level encryption with SMB, IPsec and HTTPS across any storage grid; hardware and software disk drive encryption with Intel AES-NI technology; and advanced user security featuring role-based access controls. It is ideal for industry applications ranging from energy, healthcare, financial services and education to government.
QuantaStor SDS End-to-End Security Model
The QuantaStor SDS end-to-end security model provides multi-layer data protection at the user level, at the data level, at the application layer with client security, and across storage grids (Figure 1).
User Security – QuantaStor goes beyond basic Role-Based Access Control (RBAC) with Advanced User Security by masking user permissions and allowing administrators to grant permissions for users at the storage object level, to all objects in the user's associated cloud(s), or to the entire storage system.
Data Security – For data-at-rest, QuantaStor features “one-click” full drive software encryption with Intel AES-NI technology and FIPS 140-2 self-encrypting drive support with certified hardware.
Client Security – For data on-the-wire, QuantaStor provides encryption via SMB3, IPsec, and HTTPS. For iSCSI storage, QuantaStor uses the Challenge-Handshake Authentication Protocol (CHAP), with CHAP support for storage volumes, user levels and storage clouds, providing easier management and SAN security.
Grid Security – All data replication and storage grid management communications are encrypted using SSL/TLS 1.2 with strong ciphers.