System requirements

The following table lists the system requirements for the Encryption License Key feature.

Item

Requirements

Storage system

For Encryption License Key:

  • VSP G1000: Microcode 80-01-2x or later
  • VSP G1500, VSP F1500: Microcode 80-05-0x or later
  • VSP G/F350, G/F370, G/F700, G/F900: Firmware 88-01-0x or later
  • VSP G1x00, VSP F1500, VSP G/F700, VSP G/F900: Encrypting back-end directors (EBEDs)

    For both EBEDs and standard BEDs, spare disks must be installed. The spare disk of an EBED cannot be used as a spare disk of a standard BED, and the spare disk of a standard BED cannot be used as a spare of an EBED.

  • VSP G/F350, VSP G/F370: Encryption controllers

For FMD Encryption License Key:

  • VSP G1500, VSP F1500: Microcode 80-06-4x or later
  • FMD-HDE drives

Software license

Encryption License Key software license and/or FMD Encryption License Key software license

Note: The FMD-HDE drives can be installed behind (nonencryption) back-end directors or EBEDs. When FMD-HDE drives are installed behind EBEDs, encryption is performed only by the drives.

Note: If the license for Encryption License Key or FMD Encryption License Key is deleted or expires, encryption keys cannot be created.

Device Manager - Storage Navigator

The Security Administrator (View & Modify) role is required to perform encryption operations (for example, enabling and disabling encryption on parity groups, backing up and restoring keys).

If you need to restore an encryption key that is not the latest key from a secondary backup copy, you must have the Security Administrator (View & Modify) and Support Personnel (View & Modify) roles.

If you plan to enable regular encryption key backups on the key management server, you must designate a specific user as the regular backup user. The regular backup user must have the Security Administrator (View & Modify) role. If you are not logged in as the designated regular backup user, the System Administrator (System Resource Management) role is required to view details about a regular backup task.

Data volumes

Emulation: All volume emulation types (open-systems, mainframe, and multiplatform) are supported.

Type: Internal. External volumes are not supported.

SVP (Web server)

If you want to protect key encryption keys (KEKs) on the key management server, the SVP must always be up and running.

If you want to connect to the key management server by specifying a host name instead of an IP address, you must set up a DNS server on the key management server, and the IP address of the DNS server must be configured on the SVP of the storage system.

For VSP G/F350, G/F370, G/F700, G/F900, the SVP is required to use Encryption License Key.

Key management server (optional)

  • Protocol: Key Management Interoperability Protocol 1.0 (KMIP 1.0)
  • Software: For the latest information about key management server support, contact customer support.
  • Certificates:
    • The root certificate must be in X.509 format and must be placed on the key management server. For details, see the documentation for the server.
    • The client certificate must be current, not expired, and in PKCS#12 format.
Related References
Parent Topic
Child Topics