Encryption License Key support specifications
The following table lists the support specifications for Encryption License Key.
|
Item |
Specification | |
|
Hardware specifications |
Encryption algorithm |
Advanced Encryption Standard (AES) 256 bit |
|
Encryption mode |
XTS mode | |
|
Encryption module standard |
VSP G200: Compliant to FIPS 140-2 Level 1 VSP G400, G600, G800, VSP F400, F600, F800: Compliant to FIPS 140-2 Level 2 VSP G1000, VSP G1500, and VSP F1500: Compliant to FIPS 140-2 Level 1 and Level 2* | |
|
LDEVs that you can encrypt |
Volume type |
Open, mainframe, multiplatform |
|
Emulation type |
All emulation types | |
|
Internal/external LDEVs |
Internal LDEVs only | |
|
LDEV with existing data |
Supported. Requires data migration. | |
|
Managing data encryption keys |
Creating data encryption keys |
Use Device Manager - Storage Navigator (HDvM - SN) to create data encryption keys. |
|
Deleting data encryption keys |
Use Device Manager - Storage Navigator to delete data encryption keys. However, you cannot delete data encryption keys that are allocated to implemented drives. | |
|
Unit of encryption/decryption |
Parity group. Data encryption key is used per HDD. | |
|
Scope of data encryption keys |
512 data encryption keys per storage system. You can create 512 Free keys or DEK keys. You can create 4 CEK keys and one KEK key. Therefore, the total number of data encryption keys will be 517 at the maximum when including CEK keys and KEK keys.
1,024 data encryption keys per storage system. You can create 1,024 Free keys or DEK keys. You can create 4 CEK keys and one KEK key. Therefore, the total number of data encryption keys will be 1,029 at the maximum when including CEK keys and KEK keys.
2,048 data encryption keys per storage system. You can create 2,048 Free keys or DEK keys. You can create 16 CEK keys and one KEK key. Therefore, the total number of data encryption keys will be 2,065 at the maximum when including CEK keys and KEK keys.
4,096 data encryption keys per storage system. You can create 4,096 Free keys or DEK keys. You can create 32 CEK keys and one KEK key. Therefore, the total number of data encryption keys will be 4,129 at the maximum when including CEK keys and KEK keys. | |
|
Attribute of encryption keys |
The following attributes will be set for the encryption keys: Free: The unused key before allocating the encryption key. DEK: The encryption key. The key for the encryption of the stored data. CEK: The certificate encryption key. The key for the encryption of the certificate and the key for the encryption of DEK per HDD. KEK: Key Encryption Key. The key for the encryption of the CEK. | |
|
Backup/Restore functionality |
Redundant (primary and secondary) backup/restore copies | |
|
* To use encryption modules compliant to FIPS 140-2 Level 2, contact Hitachi Solution Support Center. | ||