Encryption Guidelines - HPE StoreOnce 6500 User Manual

This is the passphrase to be used for the link and must also be configured on the device to which
the link is made. The passphrase can be shown in plain text. Or check Show characters to display
the passphrase as a series of dots and asterisks.
4. Click OK to add the encryption link details to the subnet configuration and redisplay the Network page.

Encryption guidelines

Multiple different encrypted links may be set up for each subnet to allow connectivity to multiple client
systems.
IMPORTANT:
Data in Flight Encryption is not supported for IPv6 subnets.
Data in Flight Encryption is intended to be used to secure network links between data centers for
StoreOnce VTL or NAS Replication, or for Low Bandwidth Catalyst Copy operations. Using Data In
Flight Encryption for direct backup operations to the StoreOnce appliance over a local network is
not supported due to the performance impact of the encryption.
The user must configure both the StoreOnce appliance(s) and Client computer with an equivalent
configuration and use the same Passphrase.
A single Encryption Link allows a specific client IP address to have a secure connection with all nodes
and IP addresses configured by the subnet. Each Encryption Link applies to:
• All IP addresses in the Subnet of the specific network addressing mode (IPv4) including both VIF and
Physical address, if appropriate.
• All nodes in the cluster.
The following guidelines apply:
• Encryption links may not be applied to Management only or to Both (Management + Data) Port Sets.
They may only be applied to Data subnets.
• There is no limit to the number of Encryption Links per subnet.
• If using IPv4, configurations for Encryption Links are possible and auto detected based on the IP
address format used for the client-side IP.
• Encryption Links may not be configured on IPv6 subnets.
• Encryption Links may be created or deleted, they cannot be modified. If you wish to change the
passphrase used for a link, you must delete and re-create that link with the new passphrase.
License requirements
In order to create encryption links, a security pack license must be present on the StoreOnce appliance. If
no license has been applied (or the license has expired), the Network page will show the Encryption Link
section with a message and a Warning triangle icon, the text says "Security Pack License not installed".
The New button is greyed out but the Delete button is still active in order to allow deletion of Encryption
links that were created prior to the security pack license expiring.
214 Encryption guidelines