Citrix DaaS

Encryption capabilities

Encryption capabilities protect the content of virtual machines from attacks by malicious guests on a shared virtual machine host and from attacks launched by the hypervisor control software that manages all the virtual machines on the host.

See the following for more information on supported hypervisors:

Encryption capabilities in AWS

This section describes the encryption capabilities in AWS virtualization environments.

Automatic encryption

You can turn on automatic encryption of new Amazon EBS volumes and snapshot copies created in your account. For more information, see Automatic encryption.

Encryption capabilities in Google Cloud Platform

This section describes the encryption capabilities in Google Cloud Platform (GCP) virtualization environments.

If you need more control over key operations than Google-managed encryption keys allow, you can use customer-managed encryption keys. When you use a customer-managed encryption key, Cloud Storage encrypts an object with the key at the time it's stored in a bucket and automatically decrypts the object when it is served to requesters. For more information, see Customer-managed encryption keys.

You can use Customer Managed Encryption Keys (CMEK) for MCS catalogs. For more information, see Using Customer Managed Encryption Keys (CMEK).

Encryption capabilities in Microsoft Azure

This section describes the encryption capabilities in Azure virtualization environments.

Azure server side encryption

Most Azure managed disks are encrypted with Azure Storage encryption, which uses server-side encryption (SSE) to protect your data and to help you meet your security and compliance commitments. Citrix DaaS supports customer-managed encryption keys for Azure managed disks through Azure Key Vault. For more information, see Azure server side encryption.

Azure double encryption

Double encryption combines platform-side encryption (the default) with customer-managed encryption (CMEK). If you are a highly security-sensitive customer who is concerned about the risk associated with any encryption algorithm, implementation, or a compromised key, you can opt for double encryption. Persistent OS and data disks, snapshots, and images are all encrypted at rest with double encryption. For more information, see Double encryption on managed disk.
