NetApp Knowledge Base

How does Element drive encryption work?

Category:
element-software
Specialty:
solidfire

Applies to

  • NetApp Element Software
  • All NetApp SolidFire Storage Nodes
  • All NetApp SolidFire SSDs

Answer

How encryption keys are created

  • Each drive has a single ‘bulk encryption key’, and the drive password protects (encrypts) that key. We don't set the keys themselves; we manage the drive passwords.
  • We create a Shamir share from the drive password and split it across the cluster. So there is a key per drive, with a shared password that is split across the cluster.

 
Process for changing keys
The passwords are usually referred to as keys, but they are not encryption keys; they are passwords to unlock the drives. The password encrypts the “bulk key”, which is then used to encrypt every byte on the drive. Because passwords only encrypt the ‘bulk keys’, they can be set and changed quickly. The password is stored safely by us across the cluster, so it does not live with the drive or on a single node and never traverses the wire intact. That password can be reset by disabling our encryption feature and then turning it back on, which takes minutes.

  1. The above procedure will change the drive password on every drive across the cluster.
  2. If a customer needs to reset the actual encryption keys on the drives, the drives must be “secure erased”, which means throwing away the ‘bulk key’ and generating a new one. The process in our system to change the ‘bulk encryption key’ adds the steps of removing and re-adding the drive so that we migrate and protect the data (otherwise it would be lost).

Process for storing archived keys
The drive passwords are not archived. Each password is stored across the cluster, and 2 or more nodes are needed in order to assemble the password and unlock the drives.

Process for exchanging or transmitting keys
Currently, key management is handled locally and cannot be transmitted/exchanged externally
 
Process for revoking keys
The password for the bulk key can be reset by disabling our encryption feature and then turning it back on, which takes minutes. This will reset the bulk key password.
For key rotation of an individual drive:

  1. "Remove" the drive from the cluster via the UI/API so it is in the available state.
  2. Use the secure erase API command on the drive.
  3. This forces the drive to wipe the encrypted data, throw away the old key, and generate a new one.
  4. Then add the drive back into the cluster.
  5. This could be automated with a script.

What encryption algorithms are used?
Currently the majority of SolidFire’s cryptography is implemented through OpenSSL. Skein and Shamir Share are utilized. Shamir Share is a cryptographic algorithm created by Adi Shamir. It is a form of secret sharing in which a secret is divided into parts and each participant receives its own unique part; some or all of the parts are needed in order to reconstruct the secret.
 
What encryption strength is used?
AES-256 is the standardized encryption specification used by SolidFire
 
What bit length is used for Certificates (if applicable; should be 2048 bits or higher)
Currently, SolidFire does not utilize certificates that are generated externally and imported into the module with a 2048-bit or higher key.
 
Screen shot showing the current configuration of the encryption settings
SolidFire utilizes Self-Encrypting Drives. Cluster-wide data-at-rest encryption can be turned on or off without any performance impact to the cluster. See the SolidFire Element Software User and API guides.

Cluster GUI > Settings > Encryption at Rest > Enable Encryption at Rest



NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.