Enabling data encryption

Data encryption is enabled at the parity-group level.

Before you begin

  • Create the secondary backups of the data encryption keys. See Backing up data encryption keys.
  • Block the LDEVs in the parity group to be encrypted.

    For details, see Blocking LDEVs in a parity group.

  • You must have the Security Administrator (View & Modify) role.
  • You must have the Storage Administrator (Provisioning) role to format volumes.
  • The accelerated compression feature of the parity group must be disabled.

Procedure

  1. Display the Device Manager - Storage Navigator main window.

  2. Select Storage Systems in Explorer, and select Parity Groups.

  3. In the Parity Groups table, select a specific parity group on which you want to enable encryption and then click Edit Encryption.

    In the tree that is shown, Internal or External is displayed.

  4. To select an internal LDEV, select Internal. Otherwise, click the Parity Groups tab.

  5. In the Parity Groups table, select a specific parity group on which you want to enable encryption and then click Actions Parity Group Edit Encryption.

    NoteIf you do not select a specific parity group, data encryption is enabled on all of the parity groups in the list.

  6. In the Edit Encryption window, complete the following and then click Add:

    • For Available Groups, select the parity group for which you want to enable data encryption.
    • For Encryption, select Enable to enable data encryption for the selected parity group.
    • For Format Type, select the format type.

      Values: Quick Format (default), Normal Format, or No Format

    Caution If accelerated compression of the parity group is enabled, do not select Enable for Encryption. If you select Enable for Encryption, an error occurs when performing the task.

    The parity group you selected from the Available Parity Groups table is added to the Selected Parity Groups list.

    When you click Add, Format Type becomes inactive and you cannot select the format type. If you want to change the format type, delete all parity groups in the Selected Parity Groups list and then select the format type again.

    You do not need to format volumes when there are no volumes in the selected parity group. Therefore, the format type in the Selected Parity Groups list becomes a hyphen (-) regardless of the status of the format type.

  7. Click Finish.

  8. In the Confirm window, confirm the settings, and enter your task name in Task Name.

    If you want the Task window to open after you click Apply, select Go to tasks window for status.

    Click Apply.

  9. In the message that appears, click OK.

    Data encryption is enabled on the parity group.

  10. Format the LDEVs at the parity-group level. For instructions about formatting LDEVs, see Provisioning Guide.

Parent Topic