Encryption of Data Over-the-Wire


Encryption of data over-the-wire is the encryption of data as it is transmitted over network connections to protect the data in transit from unauthorized access.

In a VAST Cluster deployment, data can be encrypted in transit between the client network and the cluster and on the internal cluster network.

Encryption of Data Between the Client Network and the Cluster

Data is encrypted on the following connections:

  • Clients using the S3 protocol can connect to the cluster over an HTTPS connection. The HTTPS connection is encrypted with FIPS 140-3 capable encryption. For more information, see Enabling an HTTPS Connection.

  • Client connections over NFSv4 can be encrypted with Kerberos or with TLS.

  • Client connections over NFSv3 can be encrypted with TLS.

  • The connection between replication peers is encrypted with FIPS 140-3 capable encryption. See Encrypting Replication with mTLS for details.

  • VMS traffic is encrypted using TLS. For details, see Installing an SSL Certificate for VMS.

  • Connection to an external LDAP server can be encrypted using TLS. This is an optional setting in the LDAP configuration.

Encryption of Data on the Internal Network

When encryption is enabled on the cluster, data transferred between the servers and switches in the VAST Cluster network is encrypted with FIPS 140-3 capable encryption.