6.3. Managing Tier Encryption

Acronis Cyber Infrastructure can encrypt data stored on disks with the AES-256 standard, so if a disk gets lost or stolen the data will be safe. Acronis Cyber Infrastructure stores disk encryption keys in cluster’s metadata (MDS).

Encryption can be enabled or disabled only for the newly created chunk services (CS). Once tier encryption is enabled, you can decrypt disks (CSs) by manually releasing them from encrypted tiers. Correspondingly, simply enabling encryption on the disk’s tier will not encrypt its data (CS). To encrypt a disk, you must assign it to an encrypted tier.

Take note of the following:

  1. Acronis Cyber Infrastructure does not encrypt data transmitted over the internal network.
  2. Enabled encryption slightly decreases performance.
../_images/stor_image24_4_ac.png

To enable tier encryption, do the following:

  1. Navigate to SETTINGS > Advanced settings > DISK.
  2. Enable Enable AES-256 encryption for data stored on disks.
  3. Select tiers that you want to encrypt.
  4. Click Save.