Creating Encrypted Pools with the Atlas S8+



Data Security is an important issue today as more sensitive and personal information is stored on computer storage than ever before. There are 2 aspects of data security, data in flight and data at rest. The security of data in flight is assured by the https protocol, ssh, scp and various end-to-end encoding algorithms. Data at rest can be secured by several methods. The latest evolution in hardware encryption is provided by SED (self-encrypting) disks. The Atlas S8+ supports SED disks but currently does not ship with them. Another form of encryption at rest is an encrypted filesystem. Most Operating Systems support encrypted filesystems, including macOS, Windows and most Linux distributions. The Atlas S8+ also supports filesystem encryption. 

Atlas S8+ Filesystem Encryption:

The Atlas S8+ offers encryption at rest by means of filesystem encryption at the pool level. During initial configuration SED disks can be enabled, but pool encryption can only be enabled after a pool has been created.

To enable encryption, select Control Panel > Storage > Pool > (select a pool) > Edit

One of the setting is Pool Encryption.

Click Enable Pool Encryption, enter a password (twice). A password must be from 8-16 characters in length, see the list below for allowable characters.

Click Confirm and the pool will be encrypted. Pool Information will now show pool encryption as enabled.

Note that if the pool has lots of data, it will take some time for the pool to be encrypted and this may affect performance.

Once the disk is encrypted, it is possible to save the hashed encryption key to a file. Select Export from the pools gear menu.

And save the file to disk...

The key file can be used to move an RAID set with encrypted pool(s) to a different Atlas S8+. After moving the RAID set, select Unlock from the gear menu and either type in the encryption password or import the encryption key file.