A customer requires the use of data encryption to ensure data is not accessible when a drive is removed from the primary storage platform. However, there is also a requirement to use deduplication and compression against all workloads in order to conserve space.
Which solution meets the customer requirements?
Array-based encryption is the most suitable solution as it ensures the data is encrypted within the storage array, hence protecting it when a drive is removed from the primary storage platform. This type of encryption operates at the storage system level and is compatible with deduplication and compression techniques. Other options do not meet all the specified requirements: data-in-transit encryption (A) does not protect data at rest, OS-level encryption (B) can interfere with deduplication and compression, and encrypted backups (C) do not address the need for encryption of data currently within the storage system.
I think D is correct
D Data that is already encrypted, cannot be compressed. So the only choice is to encrypt at the array itself.
The logical choice would be D. Array-based encryption
A and C do not provide data at rest encryption for the vm. B, OS level encryption will not allow dedup, hence D is the correct answer.
A is data-in-transit encryption, not data-at-rest B won’t allow an efficient deduplication/compression C is only backup related, and will not protect the VMs at-rest
I would go with D Array-Based encryption
Array-based encryption provides the same benefits as SEDs (self-encrypting drives), in that the drive shows no readable data once it is removed from the array. That means drives don't need to be physically destroyed when they are removed, which brings cost, security and environmental benefits