Change data encryption license key workflow, Migration practices with encryption, Audit logging of encryption events – HP StorageWorks XP Data Integrity Check XP Software User Manual
Page 8: Encryption states and protection
1.
Data in the parity group is backed up.
2.
Data encryption at the parity-group level is disabled.
3.
The LDEVs in the parity group are formatted.
4.
The LDEVs are unblocked.
For more information about disabling encryption, see
“Disabling data encryption at the parity-group
.
Change data encryption license key workflow
You must migrate data to encrypt data with a different data encryption license key on the P9500
storage system.
For more information about migration practices with encryption, see
.
Changing encryption license keys goes through the following process:
1.
A new parity group is created.
2.
Encryption is enabled with a new data encryption license key.
3.
The LDEVs in the encrypted parity group are formatted.
4.
The source data is migrated to the new target LDEVs in the encrypted parity group.
5.
The data is encrypted with the new data encryption license key on the P9500 storage system.
Migration practices with encryption
Migrate encrypted source data by encrypting the target LDEV. Migrate data on a per-LDEV basis.
As a best practice, match encrypted areas with other encrypted areas. Do not mix encrypted and
unencrypted areas.
NOTE:
When migrating an encrypted LUSE LDEV, migrate all LDEVs within the LUSE volume so
that you do not have encrypted and non-encrypted areas.
For more information about encrypting an LDEV, see
“Enable data encryption at the parity-group
Audit logging of encryption events
The P9500 storage system Audit Log feature provides audit logging of events that happen in the
system. The audit log records events related to data encryption and data encryption license keys.
For more information about audit logging, audit log events, and the Audit Log feature, see the HP
XP P9000 Remote Web Console User Guide and the HP XP P9000 Audit Log User Guide.
Encryption states and protection
Match the encryption states of the primary (P-VOL) and secondary (S-VOL), pool (pool-VOL), journal,
or virtual volume (V-VOL). The encryption states must match to copy data or differential data and
to protect the data. If the state of the P-VOL is “Encrypt”, then the state of all other LDEVs referenced
by or associated with the P-VOL should also be “Encrypt”.
This practice also applies to migration situations.
For more information about migration and encryption, see
“Migration practices with encryption”
.
8
DKA Encryption Overview