Secure real-time data replication with disk encryption and key management system

摘要

A secure real-time data replication system includes a key management server that provides keys to hosts that store encrypted data. Data to be written in one host is encrypted using a key received from the key management server; the encrypted data is stored in the host. A copy of the data is provided to another host for real-time data replication. In the other host, the copy of the data is encrypted using another key received from the key management server; the encrypted copy of the data is stored in the other host. Keys are provided by the key management server based on policy rules governing the keys.

主权项

1. A computer-implemented method comprising:
a key management server providing a first key to a first host computer system and a second key to a second host computer system over a computer network; prior to providing the first key to the first host computer system, the key management server receiving a key request from the first host computer system, determining whether or not the first host computer system meets a policy rule for receiving the first key, and providing the first key to the first host computer system when the first host computer system meets the policy rule for receiving the first key; the first host computer system receiving a file to be written to a first data storage device in the first host computer system, providing a copy of the file to the second host computer system in real-time, encrypting the file using the first key to generate an encrypted file, and storing the encrypted file in the first data storage device; and the second host computer system receiving the copy of the file, encrypting the copy of the file using the second key to generate an encrypted copy of the file, and storing the encrypted copy of the file in a second data storage device in the second host computer system.