Notes on use of DKA Encryption License Key, Creating encryption keys, Backing up encryption keys – HP XP20000/XP24000 Disk Array User Manual

Notes on use of DKA Encryption License Key

When using DKA Encryption License Key, take note of the following:

Only internal volumes of the storage system can be encrypted by using DKA Encryption License
Key. External volumes cannot be encrypted in that way.

An encryption-compliant disk adapter is required for using DKA Encryption License Key.

For both encryption-compliant DKAs and non-encryption-compliant DKAs, spare disks must be installed.
The spare disk of an encryption-compliant DKA cannot be used as a spare disk of a non-encryption-compliant DKA (and vice versa).

If there are any parity groups where encryption has been set, DKA Encryption License Key cannot
be deleted. Also, note that even if DKA Encryption License Key is deleted, the encryption key is
not deleted.

Only a user account that has the exclusive authority of operation (such as the Encryption Administrator
role) can configure settings for DKA Encryption License Key.

Creating encryption keys

For data encryption and decryption, an encryption key must be used. One encryption key is created
per storage system.

An encryption key is automatically created in shared memory (SM) or local memory (LM) in the
following cases:

When the parity group on which encryption is set has been formatted.

When the service processor (SVP) has ordered the creation of an encryption key.

An encryption key is not created in these cases:

When an encryption key has already been created in the storage system. In this case, use the
encryption key that has already been created.

When the encryption key does not exist in the storage system due to a failure in the storage system, even
though there is a parity group in the storage system where encryption has been set. In this case,
restore and use the backup encryption key.

Backing up encryption keys

The backup of an encryption key can be classified into the primary backup, such as creating a backup
in flash memory in the storage system, and the secondary backup, such as creating a backup on the
XP Remote Web Console. If encryption-compliant DKAs are not mounted, or if an encryption key is
not created, then a backup of the encryption key cannot be created.

Primary Backup:
Create a backup of the encryption key, which has been created on the SM or on the LM, in flash
memory in the storage system.
The primary backup is automatically executed when an encryption key is created.

Secondary Backup:
Create a backup of the encryption key, created on the SM or on the LM, on the XP Remote Web
Console.

About DKA Encryption License Key operations
