Data Encryption Operations; Data Encryption; Disabling Encryption; Changing The Encryption Key - HP StorageWorks P9000 User Manual
Dka encryption user guide
Hide thumbs
Also See for StorageWorks P9000:
- Reference manual (399 pages) ,
- Manual (333 pages) ,
- User manual (322 pages)
Table of Contents
Advertisement
Data encryption operations
Data encryption
DKA Encryption provides data encryption at the parity-group level. First, encryption is enabled on
a parity group, and then the logical devices (LDEVs) in the parity group are formatted. This
encryption formatting operation writes encrypted zero data to the entire area of all drives in the
parity group.
Enabling data encryption is a destructive process. The user is responsible for backing up all data
in the parity group before enabling encryption. Encryption must be enabled before (encryption)
formatting operations can be performed.
The Security Administrator (View & Modify) role is required to enable encryption. For instructions,
see
"Enabling data encryption" (page
Encrypting existing data
Data migration is required to encrypt existing data on the P9500 storage system. First, a new
parity group is established and encryption is enabled, the encrypted parity group is formatted,
and then the existing data is migrated to the new LDEVs in the encrypted parity group. This data
migration is performed on a per-LDEV basis.
For information about data migration services, please contact your HP account team.
Disabling encryption
Disabling encryption is also performed at the parity-group level. First, encryption is disabled for a
parity group, and then the LDEVs in the parity group are formatted. This normal formatting operation
writes (unencrypted) zero data to the entire area of all drives in the parity group.
Disabling data encryption is a destructive process. The user is responsible for backing up all data
in the parity group before disabling encryption. Encryption must be disabled before (normal)
formatting operations can be performed.
The Security Administrator (View & Modify) role is required to disable encryption. For instructions,
see
"Disabling data encryption" (page
Changing the encryption key
Data migration is required to encrypt data with a different encryption key on the P9500 storage
system. First, a new parity group is established and encryption is enabled with a new encryption
key, the encrypted parity group is formatted, and then the existing data is migrated to the new
LDEVs in the encrypted parity group. This data migration is performed on a per-LDEV basis.
For information about data migration services, please contact your HP account team.
Audit logging of encryption events
The Audit Log feature of the P9500 storage system provides audit logging of key events that take
place on the array. Events related to DKA Encryption, including data encryption operations and
encryption key operations, are recorded in the audit log.
For information about audit logging and audit log events, see the HP StorageWorks P9000 Remote
Web Console User Guide and the HP StorageWorks P9000 Audit Log User Guide.
11).
12).
Data encryption operations
7
Advertisement
Table of Contents
