We've gathered the questions most commonly received by our sales and support teams and collected the answers here for your convenience. If you have questions that are not answered here, please contact sales@gazzang.com.



How does ezNcrypt work?
ezNcrypt is a thin, virtual file system layer between an application, such as MySQL, and a file system. It controls access to and use of the security keys that are used to encrypt file data transparently before it is written to the disk. This low-level encryption is handled by ezNcrypt utilities, which provide an interface to easily encrypt databases on a per-table basis (you only encrypt what you need).
How do I install ezNcrypt?
Once you are sure you have the proper system requirements and privileges to run ezNcrypt, you can easily install and configure it by downloading the product and running our installation script. For more information please email support@gazzang.com to receive a copy of our installation guide.
How does Gazzang license the ezNcrypt product?
ezNcrypt is licensed per server (physical or logical). We offer an annual subscription-based license.
How does the KSS work?
Messages between the customer machine and server are protected by two layers of encryption. The first layer uses asymmetric encryption (HTTPS); the second layer uses single-use symmetric encryption based on industry-standard algorithms, such as AES 256. The service allows or denies this information based on your machine's digital fingerprint. Messages sent between your host and our servers are never encrypted in the same fashion twice. This prevents your encryption password from being "fetched," even if someone else has possession of discarded hardware. The ezNcrypt software uses this service for automatic authentication when the service is started. In order to work, the KSS must be activated for your machine. (The ezNcrypt installation will prompt for the Product Key and Activation Code.)
What is Transparent Data Encryption (TDE)?
TDE is a technology employed by both Microsoft and Oracle to encrypt database content. TDE offers encryption at a column, table, and tablespace level. TDE solves the problem of protecting data at rest, encrypting databases both on the hard drive and, consequently, on backup media. The other value of TDE is that you can enable data security without having to make any changes to your application or database. ezNcrypt adds this critical TDE feature to open-source databases as a simple-to-use, snap-in module.
How granular is ezNcrypt for MySQL Databases?
You can encrypt data down to the table level. This means the less data encrypted, the less tax on your performance. You can also encrypt my.cnf, MySQL logs, or even MySQL system tables.
Is the InnoDB storage engine supported by ezNcrypt?
Yes. In order to encrypt tables using the InnoDB engine, all you have to do is use separate-files-per-table mode.
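The separate-files-per-table mode mentioned above is MySQL's innodb_file_per_table option, and tables created before it was enabled stay inside the shared ibdata1 file, so they have no file of their own to encrypt. The script below is an added example, not Gazzang's code: it lists such tables, assuming the standard MySQL 5.x data directory layout; the function names and the sample database and table names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Lists tables in a MySQL 5.x data directory
# that have a definition file (.frm) but no per-table data file, i.e. InnoDB
# tables still stored in the shared system tablespace (ibdata1).
# Heuristic: views and MEMORY tables also have only a .frm and are listed too.

shared_tablespace_candidates() {
    datadir=$1
    for frm in "$datadir"/*/*.frm; do
        [ -e "$frm" ] || continue        # glob matched nothing
        base=${frm%.frm}
        [ -e "$base.ibd" ] && continue   # InnoDB table with its own file
        [ -e "$base.MYD" ] && continue   # MyISAM table, always per-table files
        db=$(basename "$(dirname "$frm")")
        printf '%s.%s\n' "$db" "$(basename "$base")"
    done
}

# Constructed sample layout (hypothetical database and table names).
make_sample_datadir() {
    d=$(mktemp -d)
    mkdir "$d/shop"
    touch "$d/ibdata1"
    touch "$d/shop/orders.frm" "$d/shop/orders.ibd"     # file-per-table
    touch "$d/shop/cards.frm"                           # shared tablespace
    touch "$d/shop/audit.frm" "$d/shop/audit.MYD" "$d/shop/audit.MYI"
    printf '%s\n' "$d"
}

# Scan a real data directory when one is given as the first argument.
if [ $# -gt 0 ]; then
    shared_tablespace_candidates "$1"
fi
```

On a live server, `SHOW VARIABLES LIKE 'innodb_file_per_table';` confirms the setting, and `ALTER TABLE db.tbl ENGINE=InnoDB;` rebuilds an existing table into its own .ibd file.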
Is the MyISAM storage engine supported by ezNcrypt?
Yes. ezNcrypt supports MyISAM out of the box.
What about other storage engines?
Although we have not tested all storage engines, ezNcrypt is really "agnostic" and should be able to support any file-based MySQL storage engine using our customer access control rules.
How many requests from our server to your KSS server are done per query execution, or every time the MySQL server restarts?
All key requests are done when ezNcrypt is initially started. Once the key is active, KSS contact is not required for normal operation.
During the installation process the system asks for a passphrase and optional salt. What are these for and where are they stored?
The passphrase is simply a sequence of text that will be used to encrypt/decrypt your data (you can think of it as a long password). The SALT is like a second passphrase, which further adds to the complexity of your security. When split knowledge is required, knowledge of the passphrase and salt is sometimes divided between two individuals at an organization.
What happens if we don't have internet connection or your KSS server is down?
ezNcrypt will continue to work correctly, provided that the key has already been fetched from our servers (which is only done when the service is started). If for some reason the service can't access our server, ezNcrypt will ask for your passphrase and SALT, which can be typed in manually.
What happens when our license expires?
The passphrase and salt can no longer be fetched from our KSS servers, so you will have to enter them manually, and no new files can be encrypted.
What is the difference between the 2 editions - ezNcrypt for Databases and ezNcrypt Flex?
ezNcrypt for Databases: Preconfigured rules that allow a customer to install ezNcrypt and work with their DB right out of the box. Currently for MySQL; stay tuned for PostgreSQL and more. It allows MySQL to be encrypted transparently without making changes to applications, code or MySQL tables or schemas. The database is protected from any operating system user, including Linux root, that does not have the key to unlock the data. ezNcrypt controls key access. Only internal MySQL users with proper grants/permissions can see the sensitive data. For more detailed information visit the product detail page here.
ezNcrypt Flex: As implied by its name, ezNcrypt Flex is a flexible version of our ezNcrypt PaaS. ezNcrypt Flex allows you to create simple, custom rules enabling you to transparently encrypt, decrypt and access structured and unstructured data in real time (including data at rest). This includes ANY database, application or file running on a Linux operating system.
What is the Key Storage System?
The Key Storage System (KSS) provides a platform for secure communication between the customer and Gazzang's Key Management servers. This interface has two main functions: storing the customer encryption passphrase and SALT, and Gazzang product key management.
What is the difference between using Gazzang's Standard and Enterprise Key Management?
If your servers can't access the Gazzang servers on the internet, or you need or want to store and manage your own keys within your enterprise, you can optionally install and manage your own KSS server, also known as KSS Enterprise. This server runs and operates the same way as our hosted KSS. Pricing for KSS Enterprise starts at $5,000 per server.
What security layers are in place for accessing security keys?
The KSS offers multiple security layers to ensure that your key is protected and available when you need it. Only authorized servers can retrieve it. It uses industry-standard SSL. The key is always encrypted while in transit. Once the connection is made, ezNcrypt performs additional checks to verify that the client is really an ezNcrypt licensed client. The connection is dropped if any of the security checks fails.
What system requirements do we need to install ezNcrypt?
Check the ezNcrypt system requirements here.
What versions of MySQL does ezNcrypt support?
We currently support MySQL versions 4.x, 5.0, 5.1, and 5.5.
Does ezNcrypt use ecryptfs? Why isn't ecryptfs alone enough?
Yes. ezNcrypt uses the ecryptfs module available on Linux kernels 2.6.19 (2.6.18-92 on Red Hat) and above. ezNcrypt adds secure access controls and key management on top of ecryptfs, securing data from root or other OS users.


