top of page

Veritas Appliance Design: Whole disk encryption

Designing interfaces for hardware-based whole disk encryption for NetBackup Flex Scale appliances for Gen 10 and Gen 11 models.

background mockup2.png

OVERVIEW

This project aims to perform encryption of data at rest (on disk) for all drives in Hewlett Packard Enterprise (HPE) for our flagship products, NetBackup Flex Scale appliances. The product requirement includes OS disks that rely on a hardware-level whole disk encryption solution. My responsibilities include

1) exploring workflows where users access & enable WDE in different key management services,

2) determining design functionalities by acknowledging product and technical constraints.

COLLABORATORS

1 PM, 6 engineers, 1 technical writer

WORK

Hi-fi design mockups, UX research 

TOOLS

Sketch, Figma, Jira, Confluence

DURATION

September 2023 - December 2023

Context

Context

A hardware-level whole disk encryption solution protects a disk in the event of theft or accidental loss, aka it protects the data on our devices. There is a priority need to design the interfaces and workflows of whole disk encryption on NetBackup Flex Scale appliances for Gen 10 and 11 models, so our users, when correctly deployed, are able to ensure that there's no unauthorized access to their data if the device is lost or stolen. In Veritas' NetBackup Flex Scale appliances, whole disk encryption is located under security management setting.

Context.png

Motivation

Many partner teams and users have sensitive data stored on our Flex Scale appliances. Based on technical feasibility, how can we perform data security at rest (on disk) for all the drives in HPE while driving higher sales for Gen 11 models?

Motivation

My responsibilities

As the only designer in this project, I designed interfaces and workflows for whole disk encryption (WDE) in high-fidelity mockups. I also worked closely with a technical product manager, two engineering leads who led the research and product requirement phase to help me understand user needs, as well as defined product goals, and with a technical writer to formalize contexts.

Product and design focuses

  1. Two ways of users accessing whole disk encryption when they land in Flex Scale dashboard

  2. Indicating requirements for enabling whole disk encryption: both password and primary recovery key are required even when users edit the existing disk encryption. We also explored use cases when user select different key management services (mode).

Outcome

Outcome

Introducing Whole disk encryption for Flex Scale appliances:

The solution is to design a hardware-level whole disk encryption to protect disks in Flex Scale appliances in the event of theft or accidental loss, in order to protect data on our devices. The feature requires users to enter distinct password and primary recovery key when they enable the encryption, as well as discusses scenarios when they select to enable encryption in different key management modes. When editing, we also ask users to change password and primary recovery keys as well, to ensure that there's no unauthorized access to existing and newly created data information.

Whole disk encryption design
Research

Research

The research phase involved two angles to understand about whole disk encryption and its requirements. I collaborated with my product manager and two engineering leads, who led the research effort to document our assumptions and together define goals through our growing knowledge.

Primary research: understanding user workflows

The initial requirements are determined by appliance engineers who evaluated the necessity and priority of adding whole disk encryption as part of security management in Flex Scale. Throughout discussions, we gained insights about workflows on how users access and enable WDE in two different key management modes (local vs. remote). We also made assumptions on user type based on existing user data.

Secondary research: auditing and analyzing Flex Scale design system

I made myself more familiar with enterprise-side hardware by spending substantial amount of time auditing NetBackup appliances including, NetBackup Flex Scale, Flex Appliances, Access Appliances, NetInsights Console. with a focus on Flex Scale, I understood the design pattern, high-level product goals and information architecture.

Research insights

Our team collected all the notes and synthesized into three key insights for this MVP, which move forward to become actionable design requirements for whole disk encryption in Flex Scale: 

Research findings

01

One-time password and recovery keys are two "must" requirements to enable whole disk encryption.

02

Due to the nature and priority of whole disk encryption in release, we need to find ways to locate this feature while users are easy to access.

03

In appliance environment, we consider two different key management services, local and remote key management modes where users are required to select one to encrypt data.

Design focuses

​—>

In NetBackup Flex Scale appliances, whole disk encryption will highlight password and recovery key (primary key) as required inputs, while other fields are asked based on user scenario.

​—>

Prioritize to show whole disk encryption in Flex Scale dashboard and setting page where users are easy to find and access it.

​—>

Explore two separate workflows that show different, even additional requirements that users need to enter to encrypt their data automatically with different key management modes.

Synthesis

Synthesis

User workflow - click to zoom in

User workflow.png
Solution

Solution

Our whole disk encryption prototypes consisted of web interface that included screens like dashboard, setting, security management, enabling WDE when in local or remote key management services (KMS). 

Accessing WDE in Flex Scale dashboard

Users are able to access whole disk encryption in security meter card on Flex Scale dashboard page.

Accessing WDE in Flex Scale Setting

Users are also able to access whole disk encryption in security management on Flex Scale setting page.

Enable WDE in local key management mode

Users select local key management mode when they enable WDE, where they are only required to provide a one-time password and a primary key (recovery key).

Enable WDE in remote key management mode

Users select remote key management mode when they enable WDE, where in additional to the required fields, they have to provide informational fields particularly on remote KMS.

Edit WDE entries in Local KMS

Users may edit their existing WDE entries after it's enabled, where they are asked to enter a new password, and choose to enter the original or a new primary recovery key before saving the new inputs, as they use local key management service.

Edit WDE entries in remote KMS

Users may edit their existing WDE entries after it's enabled. When they select to use remote key management service, they are asked to enter a new password, and choose to enter the original or a new primary recovery key, and other fields are pre-populated and optional to change.

Key screens overview

WDE-Key screens.png
Impact

Impact

My design responsibilities ended at hi-fi prototypes and successfully delivered to the team. With weekly design reviews, I was able to discuss opinions while internally testing with engineers, and receive feedback that I could revise promptly

Introduce whole disk encryption that meets the hardware-level requirements and visual pattern in existing Flex Scale appliances.

Design workflows are robust to technical constraints and can help predict to generate higher sales value in appliance models.

Takeaways

Takeaways

  • Different understandings towards contexts between stakeholders -guidance should be carefully designed in a 0-to-1 product to serve better comprehensions 

  • Bearing complex constraints in mind when designing workflows, being autonomous and collaborative in a fast-pacing environment.

bottom of page