Scalable File System Encryption
E2E Networks SFS Encryption enhances data security by encrypting file system data at rest, ensuring that sensitive information stored within shared file systems remains protected from unauthorized access. This encryption layer helps safeguard data even in cases of compromised compute instances or underlying physical storage failure. Using industry-standard encryption algorithms and integrated key management, SFS Encryption offers strong security without impacting performance. The encryption is fully transparent to users and applications, requiring no changes to existing workflows or configurations.
By enabling SFS Encryption, organizations can strengthen their data protection strategy, meet regulatory compliance requirements, and securely manage file-based workloads in the cloud.
How E2E Managed SFS Encryption Works
Users can enable encryption for Shared File Systems while creating an SFS share from the MyAccount portal. During creation, simply select the “Enable Encryption” checkbox. For added data protection, users may optionally supply a passphrase, which introduces a second security layer.
Behind the scenes, E2E Networks applies server-side encryption (SSE) to protect the SFS storage layer. All data and metadata stored inside the file share are encrypted before being committed to disk, and automatically decrypted when accessed. There is no impact on functionality—mounting, access controls, NFS/SMB compatibility, performance, and workflows remain unchanged.
Once encryption is enabled, the share remains fully protected throughout its lifecycle:
- All files stored on the encrypted SFS are encrypted at rest.
- Applications and clients access data normally, with no client-side changes.
- Encryption and decryption are handled automatically by the backend.
- File system permissions (ACLs, exports, user access rules) continue to function as before.
SFS Encryption Lifecycle Behavior for Snapshots
- Snapshots Remain Encrypted: Any snapshot created from an encrypted SFS share, whether manual or scheduled, retains full encryption. This ensures end-to-end data protection during backup and restore operations.
- Seamless Integration: Encryption is completely transparent to mounted clients, applications, and workloads. Users do not need to modify code, configuration, or mount options.
- Consistent Protection for New Shares: When restoring an encrypted snapshot into a new SFS share, users can choose to enable or disable encryption, allowing full control based on organizational security policies.
How SFS Encryption Works for Snapshots
- Snapshots taken from encrypted SFS shares are automatically encrypted.
- Encryption remains intact through snapshot creation, replication, and restoration.
- No additional steps are required to preserve encryption.
- When a new SFS share is created from a snapshot, encryption must be explicitly enabled during creation if continued protection is required.
Backups with SFS Encryption
All backups taken from an encrypted Shared File System (SFS) remain fully encrypted throughout their lifecycle. When encryption is enabled for an SFS volume:
- Encrypted at Creation: Any backup, whether manual or automated, is encrypted the moment it is generated.
- Secure Storage: Backup data stored within E2E’s infrastructure remains encrypted at rest, preventing unauthorized access even if the underlying storage is compromised.
- Encrypted During Restore: When a backup is restored to a new or existing SFS volume, the restored data stays encrypted end-to-end without requiring additional configuration.
- Policy Compliance: Since encryption carries over to all backups, organizations can maintain compliance with security, regulatory, and audit standards without modifying workflows.