When encryption keys are used
After the encryption environment is set up, encryption keys are used to perform the following operations. In addition, if a problem occurs during an operation, extra keys might be needed to recover from the problem.
Adding drives
A Free key is needed for each drive to allocate a DEK.
Replacing drives
A Free key is needed for each drive to change an encryption key.
Decrypting parity groups
A Free key is needed for each drive in a parity group to change an encryption key.
Adding or replacing encryption disk adapters (encryption DKAs)
VSP Gx00 models, VSP Fx00 models: To replace an encryption DKA, 2 Free keys are used as CEKs, and 1 Free key is used to register them.
Replacing controllers
VSP G100, G200: 2 Free keys are used as CEKs, and 1 Free key is used to register them.
VSP G400, G600, G800; VSP F400, F600, F800: Free keys are not used.
Updating CEKs
VSP G100, G200: 2 Free keys for each controller and 4 Free keys per storage system are needed to change CEKs.
VSP G400, G600; VSP F400, F600: 2 Free keys for each encryption DKA (4 Free keys per storage system) are needed to change CEKs.
VSP G800, VSP F800: 2 Free keys for each encryption DKA (up to 16 Free keys per storage system, regardless of the number of encryption DKAs) are needed to change CEKs.