Posted On: Jul 13, 2023

Amazon FSx for NetApp ONTAP, a service that provides fully managed shared storage built on NetApp’s popular ONTAP file system, now supports using the IP security (IPsec) protocol to encrypt data in transit. With this additional option to encrypt your data end-to-end, FSx for ONTAP offers even more flexibility for you to protect your data.

FSx for ONTAP already supports encryption of data in transit using Nitro-based and Kerberos-based encryption. Nitro-based encryption offers the simplest and highest performance option for encrypting data in transit. It’s automatically enabled when you access your data directly (without passing through a virtual network device or service, such as a transit gateway) from supported instance types in the same VPC or a peered VPC. When accessing data from a client that doesn’t support Nitro-based encryption or that resides outside your VPC, you can encrypt data in transit with Kerberos-based encryption using an Active Directory (AD). Now, with the IPSec protocol, you have an option to encrypt data in transit in environments where Nitro-based encryption is not supported and where you don’t have an AD available.

You can encrypt your data in transit using the IPsec protocol for new file systems in all regions where FSx for ONTAP is available. Customers with existing file systems will get this support during an upcoming weekly maintenance window. Learn more about this new feature in the Amazon FSx documentation.