Primary and secondary data encryption keys

The storage system automatically creates a primary backup of each data encryption key and stores this backup on each MP package. The Encryption License Key feature enables you to create secondary backups of the data encryption keys for the storage system. If the primary backup key is unavailable, the secondary backup is required to restore the key.

Caution: If the primary backup key becomes unavailable and no secondary backup key exists, the system cannot decrypt the encrypted data.

It is strongly recommended that you back up each key or group of keys immediately after you create them and schedule regular weekly backups of all keys to ensure data availability. You are responsible for storing the secondary backup keys securely.

It is also recommended that you back up each key after you perform any of the following operations:

  • Creating encryption keys
  • Adding, removing, or replacing drives
  • Adding, removing, or replacing encryption DKAs for VSP G400, G600, G800 or VSP F400, F600, F800
  • Replacing controllers for VSP G100 or VSP G200
  • Updating CEK keys
  • Updating KEK keys

Note: The creation and secure storage of secondary backup encryption keys must be included as part of your corporate security policy.
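
The backup recommendations above can be checked against an operations record. The following Python audit is an added example, not part of the storage system or its documentation; the event names, the log format and the sample entries are assumptions made for illustration. It reports any listed operation that has not been followed by a secondary backup, and a last backup older than the weekly schedule.

```python
from datetime import datetime, timedelta

# Operations the page lists as requiring a fresh secondary backup.
# The short event names are assumptions made for this example.
KEY_AFFECTING_OPS = {
    "create_keys", "drive_change", "dka_change",
    "controller_replace", "cek_update", "kek_update",
}
MAX_BACKUP_AGE = timedelta(days=7)  # the recommended weekly schedule


def audit_backups(events, now):
    """Return findings for a list of (timestamp, event_name) tuples.

    'secondary_backup' marks a completed secondary key backup; any other
    event name not in KEY_AFFECTING_OPS is ignored.
    """
    last_backup = None
    pending = []  # key-affecting operations not yet covered by a backup
    for ts, name in sorted(events):
        if name == "secondary_backup":
            last_backup = ts
            pending.clear()
        elif name in KEY_AFFECTING_OPS:
            pending.append((ts, name))

    findings = []
    for ts, name in pending:
        findings.append(f"no secondary backup since {name} at {ts.isoformat()}")
    if last_backup is None:
        findings.append("no secondary backup on record")
    elif now - last_backup > MAX_BACKUP_AGE:
        age = (now - last_backup).days
        findings.append(f"last secondary backup is {age} days old (limit 7)")
    return findings


# Constructed sample log, not output from any storage system.
SAMPLE = [
    (datetime(2024, 3, 1, 9, 0), "create_keys"),
    (datetime(2024, 3, 1, 9, 30), "secondary_backup"),
    (datetime(2024, 3, 4, 14, 0), "drive_change"),
    (datetime(2024, 3, 5, 8, 0), "kek_update"),
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE, now=datetime(2024, 3, 12, 9, 0)):
        print(finding)
```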