Over-the-wire encryption protects data in transit from unauthorized access by encrypting it as it is transmitted over network connections.
In a VAST Cluster deployment, data can be encrypted in transit between the client network and the cluster and on the internal cluster network.
Data is encrypted on the following connections:
Clients using the S3 protocol can connect to the cluster over an HTTPS connection. The HTTPS connection is encrypted using the VAST Data FIPS 140-2 Object Module for OpenSSL, which is FIPS 140-2 validated. The NIST validation for the module can be found at https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4107.
VMS traffic is encrypted using TLS.
Connection to an external LDAP server can be encrypted using TLS. This is an optional setting in the LDAP configuration.
When encryption is enabled on the cluster, data transfer between the servers and switches in the VAST Cluster network is also encrypted with FIPS 140-2 validated encryption.