Home > Storage > PowerMax and VMAX > Data Protection > Dell PowerMax Data at Rest Encryption > Introduction
Data at Rest Encryption (D@RE) provides full on-array, back-end encryption for PowerMax 2500/8500 systems. Full on-array encryption protects information from unauthorized access when physical drives are removed from the system. D@RE provides full on-array encryption using Dell qualified, industry-standard self-encrypting drives that are FIPS 140-2 validated.
All user data written to the self-encrypting drive (SED) is encrypted with a data encryption key (DEK) internal to the drive.
D@RE incorporates Dell Key Trust Platform (KTP) for on-board, set-and-forget key management.
D@RE can also be deployed with an external key manager using Key Management Interoperability Protocol (KMIP). KMIP provides external centralized key storage and management, which simplifies key generation and recovery management for PowerMax and other KMIP-compatible encryption solutions.
By securing data on PowerMax systems, D@RE ensures that the potential exposure of sensitive data on discarded, misplaced, or stolen media is reduced or eliminated. D@RE supports crypto shredding, which allows for the media in the system to be readily repurposed if needed.
D@RE is compatible with all PowerMax system features and delivers powerful encryption without performance degradation or disruption to existing applications or infrastructure.