Hitachi Virtual Storage Platform G1000 Encryption License Key User Guide MK-92RD8009-04...
Hitachi, Ltd. Hitachi, Ltd., reserves the right to make changes to this document at any time without notice and assumes no responsibility for its use. This document contains the most current information available at the time of publication.
Preface This document describes and provides instructions for installing and using the Encryption License Key feature of the Hitachi Virtual Storage Platform G1000 storage system. Please read this document carefully to understand how to use this product, and maintain a copy for reference purposes.
Readers of this document should be familiar with the following: • Data processing and RAID storage systems and their basic functions. • The Hitachi Virtual Storage Platform G1000 and the Hitachi Virtual Storage Platform G1000 Product Guide. • The Hitachi storage management software for the Hitachi Virtual Storage...
Indicates that you have a choice between two or more options or arguments. Example: [ a | b ] means that you can choose a, b, or nothing. Underline Indicates the default value. Example: [ a | b ]
Getting help The Hitachi Data Systems customer support staff is available 24 hours a day, seven days a week. If you need technical support, log on to the Hitachi Data Systems Portal for contact information: https://portal.hds.com. Comments Please send us your comments on this document: doc.comments@hds.com.
Encryption License Key benefits To guarantee the security of data, use the Encryption License Key feature to encrypt the data stored on the Hitachi Virtual Storage Platform G1000. Encrypting data can prevent information loss and leaks, for example, when a drive is physically removed from the storage system due to failure or theft.
MP package. The Encryption License Key feature enables you to create secondary backups of the data encryption license keys for the Hitachi Virtual Storage Platform G1000. If the primary backup key is unavailable, the secondary backup is required to restore the key.
4-4. Audit logging of encryption events The Audit Log feature of the Hitachi Virtual Storage Platform G1000 provides audit logging of events that happen in the system. The audit log records events related to data encryption and data encryption license keys.
To encrypt existing data, you must migrate the data to an encrypted parity group. Use the following process to encrypt existing data: Create a new parity group. Encryption License Key Overview Hitachi Virtual Storage Platform G1000 Encryption License Key User Guide...
Workflow for disabling data encryption at the parity-group level on page 4-8. Format the LDEVs in the parity group. For instructions, see the Hitachi Virtual Storage Platform G1000 Provisioning Guide for Open Systems. Workflow for changing the encryption license key...
Supported volumes: Internal Disk adapter A disk adapter that provides data encryption. Enabling the Encryption License Key feature To enable the Encryption License Key feature: Encryption License Key Installation Hitachi Virtual Storage Platform G1000 Encryption License Key User Guide...
Enable the software license key for the Encryption License Key feature. For instructions, see the Hitachi Virtual Storage Platform G1000 System Administrator Guide. If the Encryption License Key software license expires or is missing, you cannot delete the encryption key.
Key Management Server Connections You can use an optional key management server with the Hitachi Virtual Storage Platform G1000. This chapter provides information on setting up the key management server. □ Key management server requirements □ Workflow for edit encryption environmental settings...
Before you configure the connection settings to the key management server, you must upload the root certificate and the client certificate. Prerequisites • Required role: Security Administrator (View & Modify)
Check with the key management server administrator, then save a backup copy of the client certificate. Back up the connection settings to the key management server. For instructions, see the Hitachi Virtual Storage Platform G1000 System Administrator Guide.
Therefore, it is recommended that you confirm that the SVP is connected to the key management server properly before turning the storage system on.
Settings in the Edit Encryption Environmental Settings window To manage encryption keys properly, refer to the following flow chart and table and choose settings for the Edit Encryption Environmental Settings window accordingly.
Do not check Do not check Select Enable Check Do not check Do not check Select Enable Check Check Do not check Select Enable Check Check Check
Managing data encryption license keys This chapter provides instructions for managing data encryption license keys using the Encryption License Key feature of the Hitachi Virtual Storage Platform G1000 storage system. □ Workflow for creating data encryption license keys □ Editing the password policy □...
Use the following process to back up a secondary data encryption license key: Confirm that the Virtual Storage Platform G1000 is not processing other tasks. You cannot back up a key while the Virtual Storage Platform G1000 is processing other tasks.
Back up data encryption license keys to a key management server. The data encryption license keys that you back up to a key management server are managed with the client certificate.
Expand the target storage system, and then select Encryption Keys. In Device Manager - Storage Navigator: Display the Device Manager - Storage Navigator main window. Select Administration in Explorer, and select Encryption Keys.
In the Confirm window, confirm the settings, and enter your task name in Task Name. If you want the Task window to open after you click Apply, select Go to tasks window for status.
4-3. Block the LDEVs at the parity-group level. For details, see the Hitachi Virtual Storage Platform G1000 Provisioning Guide for Mainframe Systems or Hitachi Virtual Storage Platform G1000 Provisioning Guide for Open Systems. Enable data encryption on the parity group.
Workflow for disabling data encryption at the parity-group level Disable encryption, or decrypt data, at the parity-group level. Back up the secondary data encryption license key.
4-3. Block the LDEVs at the parity-group level. For details, see the Hitachi Virtual Storage Platform G1000 Provisioning Guide for Mainframe Systems or Hitachi Virtual Storage Platform G1000 Provisioning Guide for Open Systems. Disable data encryption at the parity-group level.
Use the following process to restore a data encryption license key: Block the LDEVs associated with the encrypted parity group.
For details, see the Hitachi Virtual Storage Platform G1000 Provisioning Guide for Open Systems or the Hitachi Virtual Storage Platform G1000 Provisioning Guide for Mainframe Systems. Restore the data encryption license key from a primary or secondary backup copy. Do one of the following: Restore the data encryption license key from a file backed up on the...
Delete a data encryption license key from a file on the HCS management server or HDvM - SN computer or from a key management server. Use the following process to delete a data encryption license key:
Task Name. If you want the Task window to open after you click Apply, select Go to tasks window for status. Click Apply.
The data encryption license key is deleted. Related topics • View Backup Keys on Server window on page A-23 • Delete Backup Keys on Server window on page A-22
Encryption Keys table. Click More Actions > Export. When the Ready to Download message appears, click OK.
Required role: Security Administrator (View & Modify) In Hitachi Command Suite: On the Resources tab, click Storage Systems, and then expand All Storage Systems.
Contact the Hitachi Data Systems Support Center to restore the disk adapter and blocked drives or blocked volumes.
If you want the Task window to open after you click Apply, select Go to tasks window for status. Click Apply. Related topics • Edit Encryption Environmental Settings window on page A-5
Troubleshooting This chapter provides troubleshooting information for Encryption License Key. □ Troubleshooting for Encryption License Key □ Contacting the Hitachi Data Systems Support Center
For troubleshooting information for Device Manager - Storage Navigator, see the Hitachi Virtual Storage Platform G1000 System Administrator Guide. For details about HDvM - SN error messages, see Hitachi Device Manager - Storage Navigator Messages. The following table provides general troubleshooting information for Encryption License Key.
Configure the encryption environmental settings again. Contacting the Hitachi Data Systems Support Center When contacting the Hitachi Data Systems Support Center, provide as much information about the problem as possible, including: • The circumstances surrounding the error or failure.
Device Manager - Storage Navigator. The Hitachi Data Systems Support Center is available 24 hours a day, seven days a week. If you need technical support, log on to the Hitachi Data Systems Support Portal for contact information: https://portal.hds.com...
Summary Use the Summary to view details about the number of data encryption license keys and to open the View Backup Keys on Server window. Encryption License Key GUI Reference Hitachi Virtual Storage Platform G1000 Encryption License Key User Guide...
When the attribute is KEK, a hyphen (-) is displayed. Create Keys Click to open the Create Keys window. Backup Keys Select To File to open the Backup Keys to File window.
Items to be configured in the Edit Encryption Environmental Settings window can be changed under the following conditions: • When the key management server is not in use
When you use the key management server, the following items display: • Primary server • Secondary server • Server Configuration test Primary Server Specify the primary server information.
Select Check to start a server connection test for the key management server based on the specified settings. Check Start a server connection test for the key management server based on the specified settings.
I Agree. Initialize Encryption Environmental Settings: Select to initialize the connection settings to the key management server.
Port number: The port number of the key management server. • Timeout (sec.): The time until the connection attempt to the key management server times out.
Use the Create Keys wizard to create keys and to back up keys to the key management server. This wizard includes the following windows: • Create Keys window • Confirm window
DEK and Free keys from 4,096. Create Keys confirmation window The following is the Confirm window in the Create Keys wizard.
Edit Password Policy (Backup Encryption Keys) confirmation window Use the Confirm window in the Edit Password Policy (Backup Encryption Keys) wizard to confirm the changes to the password policy.
HCS management server or HDvM - SN computer. This wizard includes the following windows: • Backup Keys to File window • Confirm window
The password for the backup data encryption license key. Character limits: 6 to 255 Valid characters: • Numbers (0 to 9) • Upper case (A-Z) • Lower case (a-z)
Use the Backup Keys to Server wizard to back up data encryption license keys on the key management server. This wizard includes the following windows: • Backup Keys to Server window • Confirm window
Character limits: 256 Backup Keys to Server confirmation window Item Description Description Shows the description for the backup data encryption license key.
Select the backup file (.ekf). The name of the selected file is shown for File Name. Password The password that you typed when you created the backup data encryption license key.
Use the Restore Keys from Server wizard to restore data encryption license keys from the key management server. This wizard includes the following windows: • Restore Keys from Server window • Confirm window
Shows the description you typed when you backed up the data encryption license key on the key management server. Restore Keys from Server confirmation window
Use the Delete Backup Keys on Server window to confirm the deletion of a backup key. This window includes the Selected Backup Keys table.
Use the View Backup Keys on Server window to view a list of the backup data encryption license keys on the server. This window includes the Backup Keys table.
Restore Keys from Server button: Opens the Restore Keys from Server window. Edit Encryption wizard Use the Edit Encryption wizard to do the following:
Available Parity Groups table Use the Available Parity Groups table on the Edit Encryption window to view a list of the available parity groups.
(-) regardless of the status of the format type. Use this button to move a selected parity group in the Available Parity Groups table to the Selected Parity Groups table.
Use the Confirm window to confirm the changes to the data encryption license key and to view a list of the selected parity groups related to the data encryption license key.
Therefore, the format type in the Selected Parity Groups list becomes “-” (a hyphen) regardless of the status of Format Type.
Item Description Task Name You can enter up to 32 ASCII characters (letters, numerals, and symbols) in Task Name. Task names are case-sensitive.
Electronic Code Book emulation type Indicates the type of LDEV (for example, OPEN-V, 3390-9). Encryption Administrator User role in Hitachi Command Suite and Device Manager - Storage Navigator with permission to perform Encryption License Key operations. Compare with Storage Administrator.
The data encryption license key is used to encrypt and decrypt data on the Hitachi Virtual Storage Platform G1000. external volume A volume whose data is stored on drives that are physically outside of the RAID storage system. Universal Volume Manager is used to manage external storage. Compare with internal volume.
SIMs are reported to hosts and displayed on Device Manager - Storage Navigator. Storage Administrator User role in Hitachi Command Suite and Device Manager - Storage Navigator with permission to perform data encryption operations. Compare with Encryption Administrator. S-VOL secondary volume (source volume for Hitachi Compatible FlashCopy®)
The number 0 (zero). A zero-formatting operation is a formatting operation that writes the number 0 (zero) to the entire disk area.
Hitachi Data Systems Corporate Headquarters 2845 Lafayette Street Santa Clara, California 95050-2639 U.S.A. www.hds.com Regional Contact Information Americas +1 408 970 1000 info@hds.com Europe, Middle East, and Africa +44 (0)1753 618000 info.emea@hds.com Asia Pacific +852 3189 7900 hds.marketing.apac@hds.com MK-92RD8009-04...