To enable businesses to safeguard their data to meet their organizational security and compliance requirements, Cloudistics encrypts all data residing in the storage pool by default. This way all data residing in the storage pool is automatically encrypted prior to persisting to storage and decrypted prior to retrieval. The encryption, decryption, and key management are totally transparent to users.
If you need to achieve NIST FIPS 140-2 Level 2 compliance, you can use a KMIP-compliant key management service to manage encryption keys. Key Management Interoperability Protocol (KMIP) provides secure, centralized remote key management. Instead of storing the password locally, KMIP securely stores the password on a remote server through an encrypted channel. If a machine is stolen, or compromised then the password can be removed, and/or the host credentials can be revoked from the KMIP server and the machine will be unable to decrypt the drives once it is rebooted.
The topics in this section of the user guide describe how to configure this additional level of key management and how to set up KMIP in your Cloudistics environment.