When encryption keys are used
After the encryption environment is set up, encryption keys are used to perform the following operations. In addition, if a problem occurs during an operation, extra keys might be needed to recover from the problem.
Adding drives
A Free key is needed for each drive to allocate a DEK.
Replacing drives
A Free key is needed for each drive to change an encryption key.
Decrypting parity groups
A Free key is needed for each drive in a parity group to change an encryption key.
Adding or replacing encrypting back-end directors (EBEDs)
VSP Gx00 models, VSP Fx00 models: To replace an EBED, 2 Free keys are used as CEKs, and 1 Free key is used to register them.
Replacing controllers
VSP G200: 2 Free keys are used as CEKs, and 1 Free key is used to register them.
VSP G400, G600, G800; VSP F400, F600, F800: Free keys are not used.
Updating CEKs
VSP G200: 2 Free keys for each controller and 4 Free keys per storage system are needed to change CEKs.
VSP G400, G600; VSP F400, F600: 2 Free keys for each EBED (4 Free keys per storage system) are needed to change CEKs.
VSP G800, VSP F800: 2 Free keys for each EBED (up to 16 Free keys per storage system, regardless of the number of EBEDs) are needed to change CEKs.