This section describes the different layers of encryption in storage for Google Distributed Cloud (GDC) air-gapped appliance.
Encryption at rest
GDC air-gapped appliance provides different layers of data-at-rest encryption.
Encryption in transit
Data in transit is encrypted using IPsec on two types of OTS traffic:
External traffic between bare metal hosts and OTS Storage Virtual Machines (SVMs).
Internal traffic between OTS worker nodes.
IPsec for both types of traffic is implemented by the third-party library strongSwan (https://strongswan.org/). The OTS internal traffic runs over an Open vSwitch VXLAN tunnel, and it also uses strongSwan to encrypt the data flow under that layer.
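One way to check that layering from a packet capture, as an added example that is not part of the original documentation: with IPsec underneath the VXLAN tunnel, packets on the wire between worker nodes should appear as ESP (or ESP-in-UDP), never as bare VXLAN. The port numbers are the IANA defaults and are an assumption about the deployment, and the sample packets are constructed.

```python
import struct

ESP_PROTO, UDP_PROTO = 50, 17
IKE_PORT, NATT_PORT, VXLAN_PORT = 500, 4500, 4789  # IANA defaults (assumed)

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet as seen on the wire between two nodes."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    if pkt[9] == ESP_PROTO:
        return "esp"
    if pkt[9] != UDP_PROTO or len(pkt) < ihl + 8:
        return "other"
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    payload = pkt[ihl + 8:]
    if IKE_PORT in (sport, dport):
        return "ike"
    if NATT_PORT in (sport, dport):
        # RFC 3948: four zero bytes (non-ESP marker) mean IKE, else ESP-in-UDP
        return "ike" if payload[:4] == b"\x00" * 4 else "esp-in-udp"
    if dport == VXLAN_PORT:
        return "cleartext-vxlan"       # tunnel header visible: no IPsec below it
    return "other"

def audit(packets):
    """Return indexes of packets that expose VXLAN without IPsec protection."""
    return [i for i, p in enumerate(packets) if classify(p) == "cleartext-vxlan"]

def ipv4(proto: int, body: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                      proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + body

def udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# Constructed samples: VXLAN header = flags 0x08, reserved, 24-bit VNI, reserved
VXLAN = bytes([0x08, 0, 0, 0, 0, 0, 42, 0]) + b"inner-ethernet-frame"
SAMPLES = [
    ipv4(ESP_PROTO, struct.pack("!II", 0xC0FFEE01, 1) + b"\xaa" * 32),    # ESP
    ipv4(UDP_PROTO, udp(4500, 4500, struct.pack("!II", 0xC0FFEE01, 2))),  # NAT-T ESP
    ipv4(UDP_PROTO, udp(500, 500, b"\x11" * 28)),                         # IKE
    ipv4(UDP_PROTO, udp(49152, VXLAN_PORT, VXLAN)),                       # unprotected
]

if __name__ == "__main__":
    print([classify(p) for p in SAMPLES], audit(SAMPLES))
```

Any index returned by `audit` marks a packet whose VXLAN header was readable on the wire, which would mean the IPsec policy did not cover that flow.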
Last updated 2025-08-08 UTC.