End-to-end efficient encryption combines Thales host encryption with PowerMax 2000/8000 back-end Data at Rest Encryption (D@RE) using industry-standard AES encryption technology. End-to-end efficient encryption protects data while taking advantage of PowerMax space-saving data reduction technology. Thales software encrypts and decrypts data that is written from the application host to the PowerMax array. PowerMax decrypts the data to process through the data reduction engine, and D@RE re-encrypts the data. Encryption from the host is set on a volume level. Not all volumes are required to participate. Encryption on the back end with D@RE encrypts all data, regardless of whether it is set for efficient encryption.
PowerMax and Thales are integrated to provide an end-to-end encryption solution. PowerMax uses its existing D@RE solution to provide back-end encryption. Thales provides two external components for encryption at the application host:
The following is a summary of the encryption process:
The following figure shows the end-to-end encryption architecture.