VMware, Inc.
Enhanced data encryption in distributed datastores using a cluster-wide fixed random tweak
Abstract:
A method for encrypting data in one or more data blocks is provided. The method generates a fixed random tweak. The method receives first and second data blocks to write on at least one physical disk of a set of physical disks associated with a set of host machines. The method applies a fixed random tweak to data indicative of the first data block and data indicative of the second data block to generate, respectively, first and second encrypted data blocks. The method writes first and second entries to a data log in a cache, the first entry comprising a first header and the first encrypted data block and the second entry comprising a second header and the second encrypted data block. The method then writes the first and second encrypted data blocks to the at least one physical disk.
Utility
23 Mar 2020
13 Jul 2021