Full Cluster Encryption for Pivotal GemFire & Pivotal Greenplum

Zettaset provides encryption of data at rest and in motion for Pivotal GemFire and Pivotal Greenplum clusters. Use Zettaset XCrypt™ Full Disk Encryption for proven data protection of large volumes of sensitive data that must meet regulatory compliance requirements.

Proven Protection for Compliance

Secure sensitive data at rest and in transit that must comply with data protection regulations including HIPAA, HITECH, SOX, PCI/DSS, and GDPR.

Fast, Scalable, and Affordable

XCrypt Full Disk’s seamless integration with Pivotal Greenplum ensures superior application performance. You get near-zero latency, unmatched scalability, and lower TCO compared to legacy approaches.

Simplified Administration

XCrypt Full Disk is software-based, with no need for costly and complex proprietary appliances. Simply install, point, and encrypt! Petabyte-scale production clusters can be up and running in a day.


Zettaset XCrypt Full Disk Encryption

XCrypt Full Disk is the high-performance encryption solution that combines sizzling speed, unmatched scalability, and near-zero latency to provide proven protection for sensitive information and help you address compliance requirements. XCrypt Full Disk is delivered as an all-software encryption platform that requires no proprietary appliances, delivering the benefits of lower cost, simplified deployment, and ease-of-administration. Just point and encrypt. XCrypt Full Disk can be used to protect data at rest on servers and data in transit between cluster nodes. XCrypt’s automated installation and administration processes simplify deployment and require no changes to the database or applications. Petabyte-scale Pivotal Greenplum production clusters protected by XCrypt can be up and running in a day!

About Zettaset

Customers look to Zettaset for advanced all-software data encryption solutions designed for unmatched performance and scalability in today’s complex and demanding distributed-computing architectures and elastic cloud environments.

Learn More About XCrypt Full Disk Encryption at www.zettaset.com.




Integration Features

Automated XCrypt Full Disk installation and administration processes simplify deployment.

No changes to Pivotal Greenplum customers’ existing backup process, high-level applications, or code are required when deploying XCrypt Full Disk, making the solution non-disruptive.

XCrypt Full Disk automatically integrates with KMIP key managers and PKCS#11 HSMs that exist in the customer’s environment, protecting the customer’s security infrastructure investment.

XCrypt Full Disk also includes a software-based Virtual Key Manager, Client, and Virtual HSM (hardware security module), which can be deployed as an alternative.

Pivotal Greenplum customers can use XCrypt Full Disk to encrypt data at rest (DAR) and data in motion (DIM). XCrypt for DIM encrypts and protects all traffic within the Pivotal Greenplum cluster/segment nodes.

XCrypt Full Disk is tightly integrated with Pivotal Greenplum to provide encrypted data access control. As a result, enterprise applications running in Pivotal Greenplum, on top of XCrypt Full Disk, experience no degradation in performance.

XCrypt Full Disk is transparent to higher level file systems, databases, and applications. No customization of high-level applications or code modification is required when deploying XCrypt.

Typical Pivotal Greenplum deployments use Data Domain as their backup infrastructure, which is a necessity for data recovery. De-duplication in the backup infrastructure requires data to be in the clear. With XCrypt Full Disk, no changes need to be made to the existing backup process.

Pivotal GemFire customers can use XCrypt Full Disk for automatic snap-shotting of the in-memory database contents at user-configurable intervals.

“The largest advantage that I found in working with Zettaset’s DAR and DIM modules was how easy they were to deploy. Usually, adding encryption is a painful endeavor. However, Zettaset’s installation was fairly simplistic. Making maintenance a simple, disciplined process is a key part of the overall solution.”

Ian Redzic, Information Security Officer, Stanford University


How it Works

As the Pivotal Greenplum server boots up and mounts an encrypted partition, it needs to exchange information with a key management server. Once the proper handshakes have taken place, the Zettaset XCrypt Full Disk technology allows a decrypted version of the server volumes to be mounted and treated like a normal partition. Zettaset provides the pieces to automate all of this and integrate with your existing key management and HSM (hardware security module) solutions. The Zettaset XCrypt Full Disk solution also includes a virtual key manager and virtual HSM which can alternatively be deployed if needed.

Encrypting Data at Rest

Figure 1 depicts the mount points that you would typically encrypt in a Pivotal Greenplum environment in order to protect data. In this scenario, you would be using the Zettaset key management server to store and manage credentials. As the servers in the cluster booted, they would do a key exchange with the Zettaset server following the LUKS specification. If this exchange works, the server would then be able to mount the /data partition using dm-crypt so that the master could read the files it needs out of /data/master. The segment nodes would each individually go through their own exchange and validations so that they could access the /data partition, which contains the files necessary to run the primary and the mirror and to present their data.



Figure 1: Pivotal Greenplum with Zettaset XCrypt Full Disk Data at Rest Encryption
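A host-side check for the state described above, as an added example that is not part of the original page or Zettaset's tooling: it reads `lsblk -P` output and reports whether `/data` sits on a dm-crypt mapping, walking up through any layer (such as LVM) stacked on top of it. The function name, device names and sample listings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not vendor code). Live use on a master or segment host:
#   lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT | check_encrypted_mount /data
# Exit status: 0 = on dm-crypt, 1 = mounted in the clear, 2 = not mounted.
check_encrypted_mount() {
  awk -v mp="$1" '
    # Extract the value of KEY="value" from one lsblk -P line.
    function field(line, key,    s) {
      if (!match(line, "(^| )" key "=\"[^\"]*\"")) return ""
      s = substr(line, RSTART, RLENGTH); sub(/^ /, "", s)
      return substr(s, length(key) + 3, length(s) - length(key) - 3)
    }
    {
      n = field($0, "NAME")
      type[n] = field($0, "TYPE"); parent[n] = field($0, "PKNAME")
      if (field($0, "MOUNTPOINT") == mp) dev = n
    }
    END {
      if (dev == "") { print mp ": not mounted"; exit 2 }
      # Walk from the mounted device up through its parents.
      for (d = dev; d != ""; d = parent[d])
        if (type[d] == "crypt") {
          print mp ": encrypted (dm-crypt mapping " d ")"; exit 0
        }
      print mp ": NOT encrypted (device " dev ")"; exit 1
    }'
}

# Constructed listing: /data on LVM on top of a dm-crypt mapping.
sample_encrypted() { cat <<'EOF'
NAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/"
NAME="sdb" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="sdb1" TYPE="part" PKNAME="sdb" MOUNTPOINT=""
NAME="data_crypt" TYPE="crypt" PKNAME="sdb1" MOUNTPOINT=""
NAME="vg_data-lv_data" TYPE="lvm" PKNAME="data_crypt" MOUNTPOINT="/data"
EOF
}

# Constructed listing: /data mounted straight from a plain partition.
sample_plain() { cat <<'EOF'
NAME="sdb" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="sdb1" TYPE="part" PKNAME="sdb" MOUNTPOINT="/data"
EOF
}

sample_encrypted | check_encrypted_mount /data
sample_plain | check_encrypted_mount /data || echo "exit status $?"
```

Run across every master and segment host, a non-zero status flags a node whose `/data` was mounted without the encrypted mapping.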


Encrypting Data in Motion

Many companies also want to protect data as it is passed between nodes. Normally, this traffic sits on its own interconnect, and it is segmented away from any other network access. This is typically enough protection for most use cases. Since we see more cloud and virtualized deployments of Pivotal Greenplum, there are more requests to encrypt the traffic that passes between the nodes. Zettaset’s XCrypt Full Disk encryption for DIM (Data In Motion) installs and manages the pieces that allow you to encrypt data as it passes between nodes. The encryption is applied to communication from the master to segment hosts, segment hosts to the master, and between the segment hosts themselves.



Figure 2: Pivotal Greenplum with Zettaset XCrypt Full Disk Data in Motion Encryption


Read the complete blog by Pivotal’s Scott Kahler and Ian Redzic here. The article provides a comprehensive description of how Zettaset works in Pivotal Greenplum or Pivotal GemFire environments.

