8.5 Guidelines for Using DFS with Encrypted NSS Volumes

Make sure you understand the security implications in this section if you use DFS with encrypted NSS volumes.

8.5.1 Creating DFS Junctions on Encrypted NSS Volumes

We strongly advise against creating a situation where encrypted and nonencrypted volumes are paired in the junction-to-target relationship. If you create a DFS junction on an encrypted NSS volume, the target volume should also be an encrypted NSS volume. Otherwise, the data on the target location is not encrypted and the data is not secure.

WARNING:When creating DFS junctions, make sure the source and target volumes are either both encrypted or both nonencrypted.

8.5.2 Moving or Splitting Encrypted NSS Volumes

We strongly advise against using the Move Volume or Split Volume tasks for encrypted NSS volumes because of the following security considerations:

  • You can move or split data only to a newly created NSS volume. NSS encrypted volume support is available only for volumes created in NSSMU, so the target volume is necessarily an NSS volume that is not encrypted.

  • The data is transferred nonencrypted from the encrypted NSS volume to the nonencrypted target volume where the data is stored nonencrypted.

WARNING:If you use the Move Volume or Split Volume tasks on an encrypted NSS volume, the relocated data is not encrypted in its new location. It is no longer secure.