1 dka encryption overview, Dka encryption benefits, Dka encryption support specifications – HP XP7 Storage User Manual
Page 6
1 DKA Encryption Overview
To guarantee the security of the data, use the DKA Encryption (EDKA) feature to store encrypted
data in an LDEV and encrypt them. The DKA Encryption feature provides redundant backup and
restore capabilities to ensure data availability.
DKA Encryption benefits
Encrypting data can prevent information loss or leaks if a disk drive is physically removed from
the system. Failure, loss, or theft are the most common reasons for information loss.
The following lists the benefits of using the DKA Encryption feature:
•
Hardware-based AES 256 encryption in XTS mode for open and mainframe systems.
•
You can apply encryption to some or all of the internal drives without throughput or latency
impacts for data I/O and little to no disruption to existing applications and infrastructure.
•
Simplified and integrated key management that does note require specialized key management
infrastructure.
•
Data-center friendliness. The DKA Encryption feature:
Uses little additional power (equivalent of one 25 watt light bulb).
◦
◦
Produces negligible amounts of additional heat.
◦
Does not require additional rack space.
DKA Encryption support specifications
The following table lists the DKA Encryption feature’s support specifications.
Specification
Item
Advanced Encryption Standard (AES) 256 bit.
Encryption algorithm
Hardware
specifications
XTS mode.
Encryption mode
Open, mainframe, multiplatform.
Volume type
LDEVs that you can
encrypt
All emulation types.
Emulation type
Internal LDEVs only.
Internal/external LDEVs
Supported. Requires data migration.
LDEV with existing data
Use Remote Web Console (RWC) to create the
data encryption license key.
Creating data encryption license keys
Managing data
encryption license keys
Use RWC to delete data encryption license keys.
Deleting data encryption license keys
However, you cannot delete data encryption
license keys that are allocated to implemented
drives.
4,096 data encryption license keys per storage
system.
Scope of data encryption license keys
You can create 4,096 Free keys or DEK keys.
You can create 32 CEK keys and one KEK key.
Therefore, the total number of data encryption
license keys will be 4,129 when including CEK
keys and KEK keys.
The following attributes will be set for the
encryption license keys:
Attribute of encryption license keys
6
DKA Encryption Overview