Change data encryption license key workflow, Migration practices with encryption, Audit logging of encryption events – HP XP7 Storage User Manual

Change data encryption license key workflow

You must migrate data to encrypt data with a different data encryption license key on the HP XP7
Storage system.

For more information about migration practices with encryption, see

“Migration practices with

encryption” (page 9)

.

Use the following process to change encryption license keys:

1.

A new parity group is created.

2.

Encryption is enabled with a new data encryption license key.

3.

The LDEVs in the encrypted parity group are formatted.

4.

The source data is migrated to the new target LDEVs in the encrypted parity group.

5.

The data is encrypted with the new data encryption license key on the HP XP7 Storage system.

Migration practices with encryption

Migrate encrypted source data by encrypting the target LDEV. Migrate data on a per-LDEV basis.
As a best practice, match encrypted areas with other encrypted areas. Do not mix encrypted and
unencrypted areas.

For more information about encrypting an LDEV, see

“Workflow for enabling data encryption on

parity groups” (page 20)

.

Audit logging of encryption events

The HP XP7 Storage system Audit Log feature provides audit logging of events that happen in the
system. The audit log records events related to data encryption and data encryption license keys.

For more information about audit logging, audit log events, and the Audit Log feature, see the HP
XP7 Remote Web Console User Guide and the HP XP7 Audit Log User and Reference Guide.

Encryption states and protection

Match the encryption states of the primary (P-VOL) and secondary (S-VOL), pool (pool-VOL), journal,
or virtual volume (V-VOL). The encryption states must match to copy data or differential data and
to protect the data. If the state of the P-VOL is “Encrypt”, then the state of all other LDEVs referenced
by or associated with the P-VOL should also be “Encrypt”.

This practice also applies to migration situations.

For more information about migration and encryption, see

“Migration practices with encryption”

(page 9)

.

Interoperability with other software applications

Use the following table to determine the interoperability of software applications with data
encryption.

Interoperability notes

Software application

Encrypt the P-VOL and S-VOLs (for Compatible FlashCopy, S-VOL and
T-VOLs)to ensure data security.

Business Copy, Continuous Access
Synchronous, Compatible FlashCopy,
and Compatible XRC

Match the encryption states of the P-VOL and pool-VOL. If the P-VOL is
encrypted, encrypt all of the pool-VOLs. If the data pool contains
non-encrypted pool-VOL, the differential data of the P-VOL is not encrypted.

Fast Snap

Match the encryption states of a P-VOL and S-VOL. If you encrypt the P-VOL
only, the data copied on the S-VOL is not encrypted is not protected.

Continuous Access Journal

When you encrypt a P-VOL or S-VOL, use a journal to which only encrypted
LDEVs are registered as journal volumes. If the encryption states of the P-VOL,

Change data encryption license key workflow

9