Need clarifications on disk encryption

Unanswered Question
Jul 1st, 2010
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman","serif";}

Could you please clarify the following questions on disk encryption?

Whenever  we enable/disable disk encryption, we are deleting all the cached data.

1.           Why are we deleting all the DRE cache, when we enable/disable disk encryption? Instead we should encrypt/decrypt the data with the key that we got from CM.  If we delete all the DRE cache, then we will lose the compression that  we got from the DRE cache.

2.           How can I verify that the files in the disk are encrypted, after disk encryption is enabled?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Zach Seils Thu, 07/01/2010 - 08:18
User Badges:
  • Cisco Employee,

Hi Thenna,

The partitions we encrypt are some of the largest on the system.  We wouldn't have enough disk space to have two copies (encrypted & decrypted) of those paritions.

For verification, you would have to remove the disk drives and mount them on another Linux-based system.  We don't provide a way to browse the cache contents.



tayyappa Fri, 07/02/2010 - 01:54
User Badges:

Am not asking you to have two two copies (encrypted & decrypted) of paritions.

Insteadof deleting the paritions, you can encrypt the paritions. So that you will not lose the compression that you get from the DRE cache.

Zach Seils Tue, 07/06/2010 - 06:19
User Badges:
  • Cisco Employee,

If I am encrypting an existing (unencrypted) partition, I have to write the encrypted version of the partition somewhere on disk before I remove the unencrypted version.  Likewise in reverse.  We don't have the disk space to perform this operation.




This Discussion