4 managing data encryption license keys, Workflow for creating data encryption license keys, Creating data encryption license keys – HP XP7 Storage User Manual
Page 17
4 Managing data encryption license keys
This chapter provides information on how to manage data encryption license keys. Managing the
keys includes ensuring availability of keys and accessibility to the encrypted or decrypted data.
Manage data encryption license keys using the EDKA feature in the HP XP7 Storage system.
You must have the Security Administrator (View & Modify) role to manage data encryption license
keys.
Workflow for creating data encryption license keys
Create a data encryption license key to use with the EDKA feature.
Use the following process to create a data encryption license key:
1.
Create the data encryption license key or group of keys.
For more information about creating keys, see
“Creating data encryption license keys”
.
2.
Back up a secondary data encryption license key.
Schedule regular backups of all of your data encryption license keys at the same time one
time every week to ensure data availability.
For more information about backing up secondary keys, see
secondary data encryption license keys” (page 18)
.
Creating data encryption license keys
If you need to change a data encryption license key, create a new data encryption license key.
4,048 Free keys or DEK keys are created when you configure encryption environmental settings
on the Edit Encryption Environmental Settings window for the first time (this differs from the
configuration. 4,048 keys are created if maximum disk adapters are installed). After that, you can
create 4,096 Free keys or DEK keys. You can create up to 4,096 encryption keys per storage
system. When you configure encryption environmental settings on the Edit Encryption Environmental
Settings window again, Free Keys are not created, and DEK keys and CEK keys are not updated.
Keys that were created previously will be used.
Encryption keys are commonly created in the storage system. However, when the key management
server is in use, and Generate Encryption Keys on Key Management Server is checked in the Edit
Encryption Environmental Settings window, encryption keys will be created on the key management
server, and used in the storage system.
After creating data encryption license keys, it is recommended that you back up each key.
1.
In the Administration tree, select Encryption Keys.
2.
In the top window, select the Encryption Keys tab.
3.
From the Settings menu, select Security > Encryption Keys > Key Generation.
4.
In the Key Generation window, specify the number of encryption keys you want to create. The
encryption keys with the attribute of Free will be set. The key IDs will be automatically assigned.
5.
To backup data encryption license keys to the key management server, click Next. Otherwise,
click Finish.
6.
In the Confirm window, complete the following and then click Apply:
•
Confirm the settings.
•
For Task Name, type the task name.
•
(Optional) Select Go to tasks window for status to open the Tasks window.
The new data encryption license key is created.
Workflow for creating data encryption license keys
17