User:Bporterdodge/Host based encryption

Host-based encryption is a method of encrypting data as it leaves the server, protecting data in-flight on the storage network and at-rest on disk. This has the effect of encryption-enabling the entire storage network. Data is encrypted once and remains encrypted wherever it goes: through the network, on storage, and when mirrored or replicated. There are other approaches to encryption, including software-based encryption, fabric-based encryption appliances, and encrypting disk drives and arrays. The main differences between host-based encryption and these other methods are discussed below:

Software-based encryption
Software-based encryption is done by applications running on a server to protect data that is specific to the application. It is typically used for environments that encrypt relatively small amounts of data. Software-based encryption consumes significant CPU cycles, which slows applications and reduces consolidation ratios for virtualized servers.

Fabric-based encryption appliances
Fabric-based encryption appliances are hardware solutions that are installed in the fabric network. There are basically two types of encryption appliances: single-port pair (one target and one initiator) and multiple-port pairs, such as an encrypting switch. Fabric-based encryption appliances protect data in-flight from the appliance to storage. There is no protection for data in-flight between a server and the appliance.

Encrypting disk drives and arrays
Encrypting disk drives and arrays encrypt data as it’s written to a disk. Encrypting drives and arrays protect data at-rest, but provide no protection for data in-flight. Encryption keys are embedded with the drive, which could be less secure than solutions that store the key in a different location.