Article number
000004227
Affected Versions
All
Source Hypervisor
AWS
Target Hypervisor
AWS

How to enable AWS S3 Encryption for ZVR

Viewed 467 times

Summary

Requirements:
  1. The AWS region must support S3 encryption, specifically KMS.
  2. AWS Key Management Service (KMS) is used for the encryption keys.
  3. Using the steps below, S3 encryption is only supported when data is at rest in the S3 bucket the ZCA is using.
  4. Encryption for EBS Volumes requires a separate change. Follow the instructions in the following KB:  "How to Enable AWS EBS Encryption for ZVR 6.5" or "How to Enable AWS EBS Encryption for ZVR 7.0+"
  5. S3 encryption for ZVR is set at the site level, and cannot be set on a per VPG basis.
  6. If a VPG was created before this change was applied then the objects stored in S3 for this VPG is not encrypted. It must be deleted and recreated in order for these S3 objects to be encrypted.
  7. This can only be used on a ZCA running on AWS. It cannot be used on any other site or platform other than AWS.

Steps

To apply the tweak, kindly contact Zerto Support.