GELI Encryption
A software-level disk encryption mechanism that uses GELI, the block-device-layer disk encryption system.
The following graphic illustrates the encryption architecture:
- This is a software encryption technique inherited from GELI
- The encryption algorithm used is AES-XTS
- This is a full disk encryption, which means the entire disk data is encrypted (metadata included)
- The encryption key is itself encrypted with the passphrase specified by the Administrator
- Both the encryption key and passphrase are required to unlock the disks
Enabling Encryption on ElastiCenter
- In the Add Pool page, select Enable Encryption.
- Specify a Passphrase.
- Click Next.
Hardware-based disk encryption / Support for self-encrypting drives (SED)
A hardware-level disk encryption mechanism that relies on self-encrypting drives.
- This is a hardware-based data encryption technique
- Encryption workload is moved to the drive instead of the processor. This improves system performance.
- This is a full disk encryption, which means the entire disk data is encrypted (metadata included)
- The data on the disk is encrypted at all times
- The feature enables a drive-locking mechanism using the passphrase specified by the Administrator.
- Data access is restricted to authorized hosts that have the specified passphrase.
Enabling Encryption
- Hardware-based encryption can be enabled only on SEDs.
- SEDs can be used to create GELI (software) encrypted Pools as well.
- You cannot create an encrypted Pool with a combination of SED and other data disks.
Using ElastiCenter
- In the Add Pool page, select Enable Encryption.
- Select Hardware as the Encryption type.
- Specify a Passphrase.
- Click Next.

Changing the passphrase
You can change the passphrase used to encrypt the Pool by doing the following:
- Go to the Encrypted Pool page.
- In the Actions pane, select Change passkey.
- In the Change Passkey dialog box, specify the new passkey and confirm.
Schedule passphrase change
- Go to the Encrypted Pool page.
- In the Actions pane, select Schedule change passkey.
- In the following dialog box, specify the scheduling interval.
- Click OK.
Note: CloudByte recommends that you perform a Refresh Hardware after deleting the encrypted Pool.