VOX

While I agree with you, the mandate is for 256-bit encryption and Enterprise Vault OSIS methodology doesn't meet that standard.

then would suggest you get in contact with symantec immediately

I'm already going down that route but I wanted to see if anyone else had encountered this question and I find it hard to believe that no one else has.

Well the thing is most federal, military and high security companies won't usually divulge information about the solutions they've performed and such , which is why it might be a lot like watching tumbleweeds waiting for a response

These organizations aren't implementing them themselves, they're hiring consultants to do it and the consultants should have no qualms about offering sanitized outlines of solutions they've done in the past. I have no need for customer names, merely solutions.

Additionally, I can't believe there aren't private industry customers out there who have asked about encryption of the EV data. There's got to be something out there and frankly the EV documentation doesn't really address it.

I'd be very interested in hearing what encryption solutions are out there being used with EV. I think the first question to be answered is at what level do you want this encryption to take place.

You asked if there are other options besides Hitachi? Yes, NetApp also has technology to encrypt at the LUN level. I guess you have to ask the customer WHY. It's going to be decrypted by the time it gets to the server anyway, so if you can get to the server, you'll be able to steal the data whether it's encrypted on disk or not.

I believe they're concerned about being able to pick up the storage and walk out with the data. I know its absurd but does the government ever do anything that makes sense?

well, that's a legit concern. someone could dress up as the janitor and steal a shelf. all kidding aside, if that's their main concern then it sounds like encrypting the data on disk is what you're after and you'd best off bringing this up to EV product management like JW suggested. they might even be able to tell you that some other anonymous customer is doing it already but i personally don't know for 100%.

I would strongly suggest hooking up with Product Management on this - they are the only people who will be in the know about it.

https aside, i should think at a very basic level bitlocker on windows 2008 should be a fairly simple solution to implement on windows 2008 servers. I've implemented bitlocker on branch servers and it was quite a simple thing and it supports 256. Ofcourse a h/w based solution would be better but in this case even the o/s raid 1 mirror disk on local can be encrypted. Downside will probably be a slight perf hit on the whole setup however going with modern day i7 quadcore and up processors that overhead should be handled easily.

If you ever get yourself locked out due to TPM compliance issue( change MB etc) or loose the USB key or loose the password decryption can be a nightmare delay though.That said the larger the volume the initial encryption setup takes at least a day or more.