Restoring encryption keys, Setting or releasing encrypted parity groups, Formatting an encrypted ldev – HP XP20000XP24000 Disk Array User Manual
Page 11: 11 setting or releasing encrypted parity groups, 11 formatting an encrypted ldev
The execution of secondary backup requires the exclusive authority of operation (such as an En-
cryption Administrator role). For details on exclusive authority of operation, see the HP Storage-
Works XP24000/XP20000 Remote Web Console User’s Guide.
Restoring encryption keys
Restoring an encryption key can be classified into restore from the primary backup and restore from
the secondary backup. If encryption-compliant DKAs are not mounted, an encryption key cannot be
restored.
•
Restore from Primary Backup
If an encryption key on the SM or on the LM is unavailable, the encryption key of the primary
backup can be used.
Restore from primary backup is automatically executed by the storage system.
•
Restore from Secondary Backup
If an encryption key in the storage system, including the encryption key backed up by the primary
backup, is unavailable, restore the encryption key using the secondary backup.
Restore from the secondary backup requires the exclusive authority of the Encryption Administrator.
For the details, see the HP StorageWorks XP24000/XP20000 Remote Web Console User’s Guide.
Note: If the encryption key on the SM or on the LM and the encryption key of the primary backup
both become unavailable and, concurrently, the encryption key of the secondary backup becomes
unavailable, data cannot be decrypted. Make a secondary backup before starting the operation
of DKA Encryption License Key and check the settings carefully before backup and restore of the
encryption key.
Setting or releasing encrypted parity groups
If DKA Encryption License Key is installed, you can specify the volume whose data to encrypt, by the
parity group, by clicking Encryption in the VLL window. For details about the VLL window, see
For more information, see
Setting or releasing an encrypted parity group
Notes:
•
Setting and releasing encryption can be executed only if all the volumes belonging to a parity
group are blocked or there are no volumes in a parity group. If there are any volumes that are
not blocked in a parity group, encryption cannot be set or released.
•
If the license key of the DKA Encryption License Key program product expires, encryption can be
released from the SVP or the Remote Web Console.
•
Once encryption is set, all the data in the volume is deleted by encryption formatting (see
, page 11). Therefore, before the whole parity group is to be
formatted, such as adding parity groups or formatting the LDEV by using the LDEV formatting
function of the VLL, encryption must be set.
For more information on the LDEV formatting function of the VLL, see the HP StorageWorks
XP24000/XP20000 Virtual LVI/LUN (VLL) and Volume Shredder User's Guide.
Formatting an encrypted LDEV
To format the parity group where encryption has been set, format the whole area of the disk by writing
the encrypted zero data to the whole area. This is called encryption formatting.
XP24000/XP20000 Disk Encryption User's Guide
11