Restore a data encryption key from the primary or secondary backup copy when all the LDEVs belonging to an encrypted parity group are blocked or if an existing data encryption key becomes unavailable or cannot be used (for example, due to a system failure).
Restoration is performed in a batch for the backed up data encryption keys (including free keys, DEK, and CEK): 516 keys for VSP G100 or VSP G200 models, 1,028 keys for VSP G400, G600 models and VSP F400, F600 models, and 2,064 keys for VSP G800 and VSP F800 models where key information is lost or deleted.
The system automatically restores data encryption keys from the primary backup. You must have the Security Administrator (View & Modify) role to restore the data encryption key from a secondary backup data encryption key.
Caution: When you restore the data encryption key, always restore the latest key. If a data encryption key is updated after a secondary backup is performed, and the restored key is not the latest key, drives and encryption DKAs will be blocked and will not be able to read data.
To restore the data encryption key, the volumes belonging to the parity group for which the key is set must be blocked. In addition, after the key is restored, the volumes belonging to the parity group for which the encryption key is set must be restored.
a performance-friendly AES-256-XTS encryption capability on the back-end I/O director. This capability protects data at rest on internal storage media (including disk drives and flash drives) attached to those directors. While many levels of encryption are available to the enterprise, protecting data at rest by using the array-level encryption of the storage system provides the following advantages: causes minimal to no performance impact within your operations, remains transparent to existing host servers and switches, shreds storage media by deleting the encryption key, simplifies key management to reduce the risk of the loss of encryption keys and data, and supports logging of encryption and key management events. In addition, many regulations encourage or require encryption of personally identifiable information (PII) and other sensitive data. Array-level encryption handles this type of data as well.