[SoftNAS KB]: Using In-Flight Data Encryption
Symptoms
In-flight data encryption involves encrypting the data stream at one point and decrypting it at another point. For example, if you replicate data across two data centers and want to ensure the confidentiality of this exchange, you would use in-flight data encryption to encrypt the data stream as it leaves the primary data center, then decrypt it at the other end of the cable at the secondary data center.
In-flight encryption is important to securing any cloud environment, where data travels constantly back and forth between hosted environments and your local servers. Numerous paid solutions can bolster security by encrypting data both at rest and in flight, but they can be costly. The solutions covered in this KB offer free protection for your environment, are simple to implement, and provide more than adequate protection from outside threats.
Purpose
SoftNAS supports two methods of in-flight data encryption:
- CIFS Encryption In-Flight
- Tunneling NFS through SSH
This KB provides an Application Guide to configuring both methods.
Resolution
Guidance for implementing in-flight encryption using CIFS and SMB, as well as tunneling NFS through SSH, can be found in the document below:
Additional Information
Required to configure CIFS with SMB.