Data Encryption

Last Updated: Mar 28, 2022

From Release 10.1, you can enable or disable data encryption for Avaya Aura® applications at the time of deployment. Data Encryption is supported only for Avaya Solutions Platform 130 and VMware Virtualized Environment. After you deploy the application with data encryption enabled, you cannot disable data encryption.

When you enable Data Encryption, certain Operational data and Log Files of your Communication Product are encrypted. You are prompted to enter a passphrase that is used to create or access an encryption key. You must remember the encryption passphrase; forgetting it can result in locking up the system. You are also asked to configure the option for local key storage.

It is important to note that the encryption of the disk may have a performance impact. For further information, refer to the Avaya Product Administration guide(s). Before you select an encryption option, please read the Data Privacy Guideline so that you may better understand these options.

When you disable Data Encryption, your Communication Product's Operational data and Log Files are not stored in encrypted partitions.

If encryption is enabled and the Require Encryption Pass-Phrase at Boot-Time check box is selected, you need to reenter the encryption passphrase whenever the application reboots.

During reboot, the application prompts you to enter the encryption passphrase on the VM console at first boot. When you enter the correct encryption passphrase, the system mounts all the encrypted disks.

Note the following:

  • If a common encryption passphrase is used for all the encrypted partitions, but an incorrect encryption passphrase is entered in the first attempt, you must enter the correct encryption passphrase for every partition at least once.

  • Multiple failed encryption passphrase attempts boot the system into the Maintenance/Emergency mode. To get the prompt again, you need to reboot the system.

If encryption is enabled and the Require Encryption Pass-Phrase at Boot-Time check box is not selected during OVA deployment, the application creates the Local Key Store, and the system does not prompt you for the encryption passphrase to mount the encrypted disks when the application reboots. You can also set up the remote key server by using the encryptionRemoteKey command after the deployment of the application.

Encryption of Application Enablement Services partitions

When you enable data encryption for Application Enablement Services, the system encrypts the following partitions that contain personal data:

  • /var/mvap/database

  • /var/log

  • /var/log/audit

  • /var/lib/ldap
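
One way to confirm after deployment that the four partitions listed above are mounted from encrypted block devices, as an added example that is not part of Avaya's documentation. It assumes the application's Linux shell provides `lsblk` and that encrypted partitions appear as dm-crypt (`crypt`) devices, which this page does not state; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Avaya code. On a live system, feed it with:
#   lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT | unencrypted_mounts
# Assumption: an encrypted partition has a device of TYPE "crypt" (dm-crypt)
# somewhere in its parent chain.

# Mount points this page lists as encrypted for Application Enablement Services.
REQUIRED="/var/mvap/database /var/log /var/log/audit /var/lib/ldap"

# Reads lsblk key="value" pairs on stdin and prints every required mount
# point that is missing or has no crypt device beneath it.
unencrypted_mounts() {
  awk -v req="$REQUIRED" '
    function val(key,   s, m) {
      s = " " $0                       # leading space so KNAME != PKNAME
      if (!match(s, " " key "=\"[^\"]*\"")) return ""
      m = substr(s, RSTART, RLENGTH)
      return substr(m, length(key) + 4, RLENGTH - length(key) - 4)
    }
    {
      k = val("KNAME"); parent[k] = val("PKNAME"); type[k] = val("TYPE")
      mp = val("MOUNTPOINT"); if (mp != "") dev[mp] = k
    }
    END {
      n = split(req, want, " ")
      for (i = 1; i <= n; i++) {
        k = dev[want[i]]; ok = 0
        # Walk up the parent chain (e.g. LVM on top of dm-crypt).
        while (k != "") {
          if (type[k] == "crypt") { ok = 1; break }
          k = parent[k]
        }
        if (!ok) print want[i]
      }
    }'
}

# Constructed sample: /var/log/audit sits directly on a plain partition.
sample_lsblk() {
  cat <<'EOF'
KNAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sdb1" PKNAME="sdb" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sdb1" TYPE="crypt" MOUNTPOINT="/var/mvap/database"
KNAME="sdb2" PKNAME="sdb" TYPE="part" MOUNTPOINT=""
KNAME="dm-1" PKNAME="sdb2" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-2" PKNAME="dm-1" TYPE="lvm" MOUNTPOINT="/var/log"
KNAME="sdb3" PKNAME="sdb" TYPE="part" MOUNTPOINT="/var/log/audit"
KNAME="sdb4" PKNAME="sdb" TYPE="part" MOUNTPOINT=""
KNAME="dm-3" PKNAME="sdb4" TYPE="crypt" MOUNTPOINT="/var/lib/ldap"
EOF
}
```

Empty output means every listed mount point has a crypt layer beneath it; a path that is not a separate mount at all is also reported.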