As companies shift high-performance workloads toward cloud solutions, data storage and data protection go side-by-side. Many companies have both internal and external security rules and regulations they must adhere to when storing their data. Amazon FSx for Lustre offers fully managed, scalable file systems for fast-processing workloads, providing secure, shared access to your users.
In this blog, we show you how you can safeguard your data using FSx for Lustre’s encryption feature. This will help you improve security, and limit the likelihood of a breach resulting in data loss. AWS uses the shared responsibility model for safe cloud computing.
Encrypting your FSx for Lustre file systems
FSx for Lustre supports two types of encryption: encryption at rest and encryption in transit. When you create an FSx for Lustre file system, encryption of data at rest is activated automatically and uses the XTS-AES-256 block cipher encryption algorithm to encrypt the file system. If you are using a temporary or scratch file system, the data at rest is encrypted using unique keys managed by Amazon FSx, and the keys are destroyed after the file system is deleted.
FSx for Lustre persistent file systems let you encrypt data at rest with either a customer managed AWS Key Management Service (AWS KMS) key or an AWS managed key. By default, persistent file systems use an AWS managed key. FSx for Lustre automatically encrypts data before it is written to the file system and decrypts it before it is presented to the application, so no coding or application changes are required.
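The following is an added example, not code from the original blog: a Python audit that uses the API to report which kind of key protects each FSx for Lustre file system and lists persistent file systems still on the default AWS managed key. The function names, labels, and sample data are assumptions made for illustration; the live path assumes boto3 and AWS credentials are available.

```python
# Added example: classify FSx for Lustre file systems by at-rest key type.
# Input is the 'FileSystems' list returned by fsx.describe_file_systems().

def classify_encryption(file_systems, key_manager_of):
    """Map FileSystemId -> key type label (labels are this example's own).

    key_manager_of: callable taking a KMS key ARN and returning the
    KeyManager value from kms.describe_key() ('AWS' or 'CUSTOMER').
    """
    report = {}
    for fs in file_systems:
        if fs.get("FileSystemType") != "LUSTRE":
            continue  # other FSx file system types are out of scope here
        deployment = fs.get("LustreConfiguration", {}).get("DeploymentType", "")
        key_arn = fs.get("KmsKeyId")
        if deployment.startswith("SCRATCH"):
            kind = "fsx-managed"       # scratch keys are not exposed
        elif not key_arn:
            kind = "unknown"           # persistent but no key reported
        elif key_manager_of(key_arn) == "CUSTOMER":
            kind = "customer-managed"
        else:
            kind = "aws-managed"       # the default for persistent
        report[fs["FileSystemId"]] = kind
    return report

def on_default_key(report):
    """Persistent file systems still using the default AWS managed key."""
    return sorted(fid for fid, kind in report.items() if kind == "aws-managed")

def audit_live(region):
    """Live path: query FSx and KMS in one region."""
    import boto3
    fsx = boto3.client("fsx", region_name=region)
    kms = boto3.client("kms", region_name=region)
    pages = fsx.get_paginator("describe_file_systems").paginate()
    systems = [fs for page in pages for fs in page["FileSystems"]]
    manager = lambda arn: kms.describe_key(KeyId=arn)["KeyMetadata"]["KeyManager"]
    return classify_encryption(systems, manager)

# Constructed sample data (placeholder IDs and ARNs, not real resources).
_ARN = "arn:aws:kms:us-east-1:111122223333:key/"
SAMPLE = [
    {"FileSystemId": "fs-scratch", "FileSystemType": "LUSTRE",
     "LustreConfiguration": {"DeploymentType": "SCRATCH_2"}},
    {"FileSystemId": "fs-default", "FileSystemType": "LUSTRE", "KmsKeyId": _ARN + "default",
     "LustreConfiguration": {"DeploymentType": "PERSISTENT_2"}},
    {"FileSystemId": "fs-cmk", "FileSystemType": "LUSTRE", "KmsKeyId": _ARN + "cmk",
     "LustreConfiguration": {"DeploymentType": "PERSISTENT_1"}},
    {"FileSystemId": "fs-win", "FileSystemType": "WINDOWS", "KmsKeyId": _ARN + "cmk"},
]
SAMPLE_MANAGERS = {_ARN + "default": "AWS", _ARN + "cmk": "CUSTOMER"}
```

Offline, `classify_encryption(SAMPLE, SAMPLE_MANAGERS.get)` exercises the logic on the constructed records; `audit_live("us-east-1")` runs the same classification against a real account.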
You can see persistent file system encryption details via the AWS Management Console, API, and by running the following command from the Amazon EC2 Lustre client. Scratch file system keys are not displayed via console, API, or through CLI…
Read the full blog to learn more. Reminder: You can learn a lot from AWS HPC engineers by subscribing to the HPC Tech Short YouTube channel, and following the AWS HPC Blog channel.