Arctera

Online volume encryption at rest

December 18, 2025

Contributed by:

C C

Volume Manager (VxVM) provides the online volume encryption at rest feature that lets you migrate unencrypted volumes to encrypted ones. Using this feature a volume can be migrated without application downtime, that is, while the file system is mounted and the I/Os are running. It also avoids complexities, like having to modify application configurations, and has a controlled impact on the application I/O performance.

The online migration process involves mirroring the existing storage configured under a volume, which requires an equal amount of additional storage that gets used in the background.

Online migration involves the Start phase, in which the process is initiated, and the Commit phase, in which the background changes made to the volume are finalized. The unencrypted volume is migrated to an encrypted one when both these phases are completed successfully.

After the Start phase is complete and before you can initiate the Commit phase, you can abort the migration or switch plexes. The switching of reads between the source (unencrypted) plex and the target (encrypted) plex helps verify the data copied during the Start phase. Meanwhile, the writes continue to happen on both the plexes.

Limitations:

Online migration is not supported in the following cases:
- RAID 5 and erasure coded (EC) volumes
- Volumes with mixed layouts
- Volumes configured for VVR replication
Only one online migration can be performed on an unencrypted volume at a time.

You can use either VxVM commands or the Management Server console of InfoScale Operations Manager to migrate unencrypted volumes to encrypted ones. For details, refer to the Storage Foundation Administrator’s Guide - Linux or the InfoScale Operations Manager User’s Guide.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Online volume encryption at rest

December 18, 2025

Contributed by:

C C

December 18, 2025

Contributed by:

C C

Online volume encryption at rest

In this article