Datasheet

Data Security for Nutanix Hyper-Converged Infrastructure

Download Datasheet

Request a Demo

hero section

The evolving landscape of data protection regulations and data security best practices requires organizations to deploy robust data encryption and cryptographic key management processes that are appropriate to a flexible HCI computing environment.

Primary challenges are:

  • Encrypting data in a virtualized HCI environment with traditional key management systems (KMS) can be challenging and may reduce the resource management efficiencies of the HCI model. KMS often add network traffic and latency when processing encryption requests across VM clusters.
  • As HCI resources scale to meet shifting workload demands, the encryption system must seamlessly scale alongside them. The solution must also support evolving data protection needs—such as the adoption of post-quantum cryptography—without requiring costly replacement of hardware security modules (HSMs).
  • To adhere to regulations like GDPR, PCI DSS 4.0, and HIPAA, Security and IT teams must adapt quickly. This may include implementing file-level encryption, having inventory of cryptographic assets, being in control of encryption keys, and enforcing strict data access controls.

The Solution: Fortanix FSE and Nutanix AOS

With Fortanix Data Security Manager™ (DSM) for Nutanix Hyper-Converged Infrastructure (HCI), users can enhance their data security, apply fine-grained access controls, and manage encryption keys efficiently at scale to defend against malicious actors and maintain regulatory compliance. The integration delivers comprehensive data security capabilities for virtualized computing environments leveraging the Nutanix aggregated storage fabric, namely:

Consolidation of cryptographic key management within a single, scalable, cluster to support changing workload demand
Consolidation of cryptographic key management within a single, scalable, cluster to support changing workload demand.

This eliminates the risks associated with distributed and fragmented solutions, where a single point of failure could compromise critical cryptographic keys and encrypted data. 

Ability to protect sensitive data at the file level within virtualized workloads
Ability to protect sensitive data at the file level within virtualized workloads.

Designed for seamless integration, Fortanix File System Encryption (FSE) features an agent-based deployment with no kernel dependencies. The streamlined approach ensures easy management and scalability that complements the capabilities of Nutanix AHV.

Granular data security with Zero Trust principles
Granular data security with Zero Trust principles.

Sensitive data remains accessible only to authorized users and processes, as defined by fine-grained, policy-driven controls, to maintain strict separation between data owners and consumers. 

Solution Architecture 

Fortanix FSE encrypts Nutanix mounted file systems on individual VMs to protect data specific to these files or folders. Supporting both Windows and Linux operating systems, Fortanix FSE agents provide continuous file-level encryption, comprehensive audit logging, and visibility into key management operations, ensuring compliance and traceability across the Nutanix HCI environment.

nutanix diagram

Benefits

secure
Unify Security

Apply consistent security from a single UI and manage efficiently at scale.

automate
Automate Data Protection 

Automated VM encryption during generation and migration. 

compliance
Validate and prove compliance

Be in control of your data and keys and keep immutable records. 

Key Features 

cloud key

Central control of and visibility into key management across all HCI workloads from a single UI with enterprise-grade security controls.  

key

Advanced key inventory and full key lifecycle management to adhere to security best practices.

compliance

Quorum Approvals to prevent accidental key deletion or unauthorized filesystem mounts.  

manager

Secure key store in FIPS 140-2 Level 3 HSM, available as SaaS or on-premises.  

folder key

File System Encryption with scalable agent deployments, based on Open Policy Agent specification, with no kernel dependencies. 

logs

Fine-grain policy-driven access controls that restrict access to plain text data solely to authorized users and processes.  

prepare

Audit logs for both key management and policy enforcement. 

automate

Built-in High Availability (HA) and Disaster Recovery (DR). 

See how Fortanix strengthens and accelerates your enterprise compliance workflows in a personalized demo.
Fortanix-logo

4.6

star-ratingsgartner-logo

As of August 2025

SOC-2 Type-2ISO 27001FIPSGartner LogoPCI DSS Compliant

US

Europe

India

Singapore

3910 Freedom Circle, Suite 104,
Santa Clara CA 95054

+1 408-214 - 4760|info@fortanix.com

High Tech Campus 5,
5656 AE Eindhoven, The Netherlands

+31850608282

UrbanVault 460,First Floor,C S TOWERS,17th Cross Rd, 4th Sector,HSR Layout, Bengaluru,Karnataka 560102

+91 080-41749241

T30 Cecil St. #19-08 Prudential Tower,Singapore 049712