10.6. Managing tier encryption¶
Acronis Cyber Infrastructure can encrypt data stored on disks by using the AES-256 standard, so if a disk gets lost or stolen the data will be safe. Acronis Cyber Infrastructure stores disk encryption keys in cluster’s metadata (MDS).
Encryption can be enabled or disabled only for the newly created chunk services (CS). Once tier encryption is enabled, you can decrypt disks (CSs) by manually releasing them from encrypted tiers. Correspondingly, simply enabling encryption on the disk’s tier will not encrypt its data (CS). To encrypt a disk, you must assign it to an encrypted tier.
Take note of the following:
- Acronis Cyber Infrastructure does not encrypt data transmitted over the internal network.
- Enabled encryption slightly decreases performance.
To enable tier encryption, do the following:
Go to Settings > System settings > Encryption.
Turn on the toggle switch Enable AES-256 encryption for data stored on disks.
Select the tiers that you want to encrypt, and then click Save.