Encryption at rest is available as an option on all BonFire devices. BonFire encryption uses the standard encryption tools provided in Linux, but with several important management twists. The first is that encryption is moved below the RAID level. Consequently, the data intended for each individual drive is treated as a separate process thread, and these threads are spread out over all the available CPU cores, preventing a single-thread choke point. This greatly increases write rates.

A significant problem with encryption at rest is the need to manually re-enter the security key each time a system is rebooted, as the key cannot be stored on permanent storage media (HDDs, SSDs, etc.) without placing the stored data at risk. BonFire's ability to manage multiple servers from a single point, and the concurrent interconnectedness of all server nodes, allows a system's keys to be stored in the main memory (RAM) of each system in the same management group. Thus, after a machine has launched encryption once, it can fetch a set of keys from another system rather than waiting for a human operator, even though the keys are never permanently stored on any storage media.
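
The layering described above (encryption below the RAID level, with the key supplied at unlock time rather than read from disk) can be sketched with stock Linux tools. This is an added example, not BonFire's own code: it assumes dm-crypt/LUKS via `cryptsetup` and software RAID via `mdadm`, and the device names and the `crypt_` mapping prefix are constructed for illustration.

```shell
#!/bin/sh
# Dry-run planner: prints the commands, does not touch any device.
# Layout: one dm-crypt (LUKS) mapping per member drive, with md RAID
# built on top of the mappings. Device names are constructed samples.

# Print one "cryptsetup open" line per drive. "--key-file -" makes
# cryptsetup read the key from stdin, so the key can be piped in from
# memory and never has to exist as a file on disk.
plan_open() {
    for dev in "$@"; do
        printf 'cryptsetup open --type luks --key-file - %s crypt_%s\n' \
            "$dev" "$(basename "$dev")"
    done
}

# Print the mdadm line that builds the array from the decrypted mappings.
# $1 = md device, $2 = RAID level, remaining args = member drives.
plan_raid() {
    md=$1; level=$2; shift 2
    members=""
    for dev in "$@"; do
        members="$members /dev/mapper/crypt_$(basename "$dev")"
    done
    printf 'mdadm --create %s --level=%s --raid-devices=%s%s\n' \
        "$md" "$level" "$#" "$members"
}

# Full plan: encryption first (below), RAID second (above). Each drive
# gets its own dm-crypt mapping, so no single mapping carries the whole
# array's encryption load.
plan_crypt_under_raid() {
    md=$1; level=$2; shift 2
    plan_open "$@"
    plan_raid "$md" "$level" "$@"
}

plan_crypt_under_raid /dev/md0 5 /dev/sdb /dev/sdc /dev/sdd
```

Reversing the order (one dm-crypt mapping on top of `/dev/md0`) would put the whole array behind a single encrypted device, which is the arrangement the text says BonFire avoids.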