Requirements for Efficient Storage GuardPoints on Linux
Windows-specific requirements:
-
The Windows host must be running one of the following:
-
Windows Server 2012 R2
-
Windows Server 2016
-
Windows Server 2019
-
-
You can only protect data volumes with an ES GuardPoint. Protecting the boot volume with an ES GuardPoint is not supported.
-
You must enable Secure Start on the protected host and in the ES GuardPoint in the CipherTrust Manager.
-
Existing data LUNs must be increased in size by at least 128MB (64MB for the CTE private region plus an additional 64MB to allow enough space for the data to be shifted after the CTE private region has been created). For details, see Data Relocation on Existing Windows Devices.
If you create a new Windows device to be protected, do not initialize that device with the Windows Disk Manager until after you have created and assigned the ES GuardPoint. After the GuardPoint has been assigned through the CipherTrust Manager, you can manage the disk as normal using the standard Windows disk management tools.
A LUN must meet the following requirements before it can be protected as an ES GuardPoint:
-
The storage array exporting the LUN to the protected host must be enhanced with the Efficient Storage capability. For details, see Storage Arrays Compatible with CTE-Efficient Storage.
-
The storage array exporting the LUN to the protected host must be a KMIP client registered with the same CipherTrust Manager as the protected host.
-
The protected host must have direct physical access to the LUN through Fiber Channel Protocol (FCP) or iSCSI.
-
The entire LUN must be protected as one and only one ES GuardPoint.
-
In an ESXi environment, the LUN added to a virtual machine must be configured for Raw Device Mapping in physical mode, or:
-
The LUN must be part of a VVol datastore.
-
The LUN cannot be a VMDK or a disk in a datastore.
-
-
In a HyperV environment, the LUN cannot be a virtual disk.
