Node Encryption
E2E Networks Encryption ensures the security and confidentiality of data by encrypting virtual machine instances at rest. This process protects sensitive information stored within Nodes from unauthorized access, even in the event of a data breach or hardware compromise. E2E Networks leverages robust encryption standards and integrates key management to safeguard both system and user data. Encryption is applied transparently, with minimal impact on performance, allowing applications to operate securely and efficiently. By enabling Node encryption, organizations can meet compliance requirements, strengthen data protection strategies, and maintain the integrity of their cloud-based environments.
How E2E Networks Node encryption works
- You can enable encryption for Nodes on E2E Networks. When creating a Node, users can enable encryption by selecting the "Enable Encryption" checkbox. Additionally, an optional passphrase can be provided to further enhance the security of the encrypted volumes.
- E2E Networks utilizes LUKS (Linux Unified Key Setup) to provide robust full disk encryption for its Nodes. This encryption operates at the block level, ensuring secure protection of data at the storage layer. The default cipher used is aes-xts-plain64, paired with a strong 512-bit key size to deliver high levels of security. Both the root and data volumes are fully encrypted, ensuring that all critical parts of the system are protected by default.
- At E2E Networks, storage security is silently enforced at the infrastructure level. Logical Volume Management (LVM) volumes are encrypted in the backend as part of our broader disk protection strategy. This encryption is entirely invisible to users—requiring no manual setup and leaving no trace in the user-facing environment—while ensuring that all data remains fully protected behind the scenes.
- Snapshots taken from encrypted Nodes continue to retain their encryption, ensuring end-to-end data security across your entire Node lifecycle—from the initial creation and configuration to backup, restoration, and beyond. This guarantees that any snapshot, whether taken manually or on a schedule, is securely encrypted, preserving the confidentiality and integrity of your data throughout its lifecycle.
- With LUKS encryption and intuitive configuration through the MyAccount portal, E2E Networks helps organizations maintain data confidentiality, ensure compliance with security standards, and confidently deploy applications in a highly secure cloud environment.
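As an added example (not E2E Networks' own tooling), the script below checks `cryptsetup luksDump` output against the defaults stated above, aes-xts-plain64 with a 512-bit key, for both LUKS1 and LUKS2 header layouts. It assumes the LUKS header is readable from where you run it; the function names and the sample headers are constructed for illustration.

```bash
# Added example: compare `cryptsetup luksDump` output with the defaults stated
# on this page. Function names and sample headers are constructed.
EXPECTED_CIPHER="aes-xts-plain64"
EXPECTED_KEY_BITS=512   # XTS splits this into two 256-bit AES keys

# Reads luksDump text on stdin, prints "cipher=<c> key_bits=<n>".
parse_luks_dump() {
  awk '
    $1 == "Cipher" && $2 == "name:" { name = $3 }      # LUKS1 header
    $1 == "Cipher" && $2 == "mode:" { mode = $3 }      # LUKS1 header
    $1 == "MK" && $2 == "bits:"     { bits = $3 }      # LUKS1 header
    $1 == "cipher:" && cipher == "" { cipher = $2 }    # LUKS2 data segment
    $1 == "Key:" && bits == ""      { bits = $2 }      # LUKS2 keyslot
    END {
      if (cipher == "" && name != "") cipher = name "-" mode
      printf "cipher=%s key_bits=%s\n", cipher, bits
    }'
}

# Returns 0 when the header matches the documented defaults, 1 otherwise.
check_luks_dump() {
  local result
  result=$(parse_luks_dump)
  if [ "$result" = "cipher=$EXPECTED_CIPHER key_bits=$EXPECTED_KEY_BITS" ]; then
    echo "OK: $result"
  else
    echo "MISMATCH: $result (expected $EXPECTED_CIPHER, $EXPECTED_KEY_BITS bits)"
    return 1
  fi
}

sample_luks2() {   # constructed LUKS2 excerpt that matches the defaults
  cat <<'EOF'
Version:        2
Data segments:
  0: crypt
        cipher: aes-xts-plain64
Keyslots:
  0: luks2
        Key:        512 bits
EOF
}

sample_luks1_weak() {   # constructed LUKS1 excerpt that differs from the defaults
  printf 'Version:\t1\nCipher name:\taes\nCipher mode:\tcbc-essiv:sha256\nMK bits:\t256\n'
}

sample_luks2 | check_luks_dump
sample_luks1_weak | check_luks_dump || true
```

Where a LUKS device is visible, pipe the real header in with `cryptsetup luksDump /dev/<device> | check_luks_dump`; the device path is a placeholder.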
Currently, the Save Encrypted Image functionality does not support encrypted Nodes. Whether a Node is encrypted or unencrypted, attempting to create a saved image will always result in an unencrypted image. This limitation is under review, and potential enhancements are being considered for future updates.
How Encryption Works for Snapshots Created from Encrypted Nodes
- Snapshots taken from an encrypted Node are automatically encrypted.
- The encryption is handled using LUKS at the disk level, ensuring that data remains protected both at rest and during restoration.
- Whether the snapshot is taken manually or via a scheduled task, encryption is preserved without requiring additional steps.
- Once the user creates a snapshot, it first generates a saved image. The user can then choose whether to enable encryption for the Node created from that image.
- When a snapshot is taken from an encrypted Node, and an image is created from that snapshot, the new Node created from that image will not inherit encryption by default. To ensure data security, encryption must be manually enabled during the Node creation process.
How E2E Networks Handles Snapshots from Unencrypted Nodes
- When a snapshot is taken from an unencrypted Node on E2E Networks, the snapshot itself remains unencrypted. This means that no encryption is automatically applied during the snapshot creation process.
- When a user takes a snapshot, it must first be converted into a saved image. A new Node can then be created from that image. During the Node creation process, the user must explicitly choose whether to enable encryption for the new Node, as encryption is not automatically inherited.
- Encryption cannot be retroactively applied to an unencrypted snapshot. Users must create a new encrypted Node and migrate data manually if encryption is required.
- If you wish to create a new encrypted Node from this unencrypted snapshot, the process involves the following steps:
• Create an Image from the unencrypted snapshot.
• Use this image to launch a new Node.
• During the creation of the new Node, you will have the option to enable encryption by selecting the "Enable Encryption" checkbox and, optionally, providing a passphrase.