Kmip key management server support, Data encryption at the parity-group level workflow, Data encryption on existing data workflow – HP StorageWorks XP Data Integrity Check XP Software User Manual
Page 7: Disable encrypted data workflow
You can use the EDKA feature to back up data encryption license keys. The P9500 storage system
automatically creates a primary backup of the data encryption license key, and stores this backup
on each MP package.
You can create a secondary backup data encryption license key. The secondary backup is required
to restore the key if the primary backup is unavailable.
For more information about backing up secondary data encryption license keys, see
secondary data encryption license key workflow” (page 17)
.
KMIP key management server support
Using the P9500 storage system, you can create backup and restore data encryption license keys
on a key management server that supports Key Management Interoperability Protocol (KMIP).
For more information about backing up data encryption license keys to a key management server,
see
“Backing up keys to a key management server” (page 18)
.
Data encryption at the parity-group level workflow
The EDKA feature provides data encryption at the parity-group level. Use the following process to
set up for data encryption and enable data encryption on the parity group:
1.
Back up a secondary data encryption license key.
For more information about backing up secondary keys, see
encryption license key workflow” (page 17)
.
2.
Enable data encryption at the parity-group level.
For more information about enabling data encryption at the parity-group level, see
data encryption at the parity-group level” (page 19)
.
3.
Format the logical devices (LDEVs) in the parity group.
For more information about formatting LDEVs at the parity-group level, see
formatting at the parity-group level” (page 21)
Data encryption on existing data workflow
Data encryption on existing data goes through the following process:
1.
A new parity group is created.
For more information about creating parity groups, see the HP XP P9000 Provisioning for
Mainframe Systems User Guide.
2.
Data encryption on the parity group is enabled.
For more information about enabling data encryption at the parity-group level, see
data encryption at the parity-group level workflow” (page 19)
.
3.
The LDEVs in the encrypted parity group are formatted.
For more information about formatting LDEVs in the encrypted parity group, see
encryption formatting at the parity-group level” (page 21)
4.
The existing data is migrated to the new LDEVs in the encrypted parity group.
For more information about migrating existing data to the new LDEVs in the encrypted parity
group, see
“Moving unencrypted data to an encrypted environment workflow” (page 22)
For more information about how to move unencrypted data to an encrypted environment, see
“Moving unencrypted data to an encrypted environment workflow” (page 22)
.
Disable encrypted data workflow
Disabling encryption goes through the following process:
KMIP key management server support
7