The PowerMaxOS Q3 2020 release introduced end-to-end efficient encryption, which increases security by encrypting data at the host level while still seeking maximum data reduction on the PowerMax array.
The functionality is provided by integration with the following Thales Security software:
Thales Security software can be obtained directly from Thales Security (https://www.thalesesecurity.com/) or through Dell.
End-to-end efficient encryption also requires a specific type of front-end I/O module per PowerMax director.
End-to-end efficient encryption can be added to pre-existing PowerMax arrays that are D@RE-enabled and have a free front-end I/O slot per director to accommodate the dedicated I/O module.
Configuring end-to-end efficient encryption on an array allows encryption to be set on selected volumes at the volume level, including selected volumes within a Storage Group.
The encryption-capable attribute is set during volume creation. This attribute cannot be set or unset on existing volumes. However, setting this attribute does not by itself make the volume participate in encryption. Volumes with the attribute set must then be guarded to participate in encryption.
Guarding a volume requires a VTE-enabled host and access to set policy on the DSM. Guarding an encryption-capable volume activates encryption for all I/O: all new data written to the volume is encrypted, but data that already resides on the volume is not.
A guarded volume can later be unguarded. After that, new I/O is not encrypted, and existing data on the volume is not decrypted. Any encrypted data read back to the host remains in its encrypted state.
Figure 12 is an overview of the end-to-end efficient encryption operational flow.
For more information about PowerMax end-to-end efficient encryption, see the DSM Deployment Guide.