6.1. Managing Tier Encryption¶

Acronis Cyber Infrastructure can encrypt data stored on disks with the AES-256 standard, so if a disk gets lost or stolen the data will be safe. Acronis Cyber Infrastructure stores disk encryption keys in cluster’s metadata (MDS).

Encryption can be enabled or disabled only for the newly created chunk services (CS). Once tier encryption is enabled, you can decrypt disks (CSs) by manually releasing them from encrypted tiers. Correspondingly, simply enabling encryption on the disk’s tier will not encrypt its data (CS). To encrypt a disk, you must assign it to an encrypted tier.

Take note of the following:

1. Acronis Cyber Infrastructure does not encrypt data transmitted over the internal network.
2. Enabled encryption slightly decreases performance.

To enable or disable tier encryption, on the SETTINGS > Advanced settings > ENCRYPTION screen, select or deselect tiers and click Save.