When encryption keys are used
After the encryption environment is set up, Free keys are used to perform the following operations. In addition, if a problem occurs during an operation, extra Free keys might be needed to recover from the problem.
Adding drives
To allocate data encryption keys or FMD-HDE certification keys, Encryption License Key uses one Free key, and FMD Encryption License Key uses three Free keys. During this operation, media encryption keys are generated in the FMD-HDE drives.
Replacing drives
To change data encryption keys or FMD-HDE certification keys, Encryption License Key uses one Free key and FMD Encryption License Key uses three Free keys for each drive. During this operation, media encryption keys are generated in the FMD-HDE drives.
Decrypting parity groups
To change data encryption keys or FMD-HDE certification keys, Encryption License Key uses one Free key, and FMD Encryption License Key uses three Free keys for each drive in the parity group. During this operation, media encryption keys are generated in the FMD-HDE drives.
Adding or replacing encrypting back-end directors (EBEDs)
VSP G/F700, VSP G/F900: To replace an EBED, 2 Free keys are used as CEKs, and 1 Free key is used to register them.
Replacing BEDs with EBEDs
When the first BED is replaced with an EBED, one data encryption key (DEK) is assigned to all drives except for the FMD-HDE drives in the storage system. The number of Free keys to be used for each replacement from BED to EBED is as follows:
- Number of Free keys used as CEK: 4
- Number of Free keys used as KEKs for registering certification keys: 2
Replacing controllers
VSP G/F350, VSP G/F370: 2 Free keys are used as CEKs, and 1 Free key is used to register them.
VSP G/F700, VSP G/F900: No Free keys are used as CEKs, and no Free keys are used to register them.
Updating CEKs
VSP G/F350, VSP G/F370: 2 Free keys for each controller (4 Free keys per storage system) are needed to change CEKs.
VSP G/F700: 2 Free keys for each EBED (8 Free keys per storage system) are needed to change CEKs.
VSP G/F900: 2 Free keys for each EBED (16 Free keys per storage system) are needed to change CEKs.
Updating PINs (VSP F1500 and VSP G1500)
Three Free keys for each FMD-HDE drive (1,728 Free keys per storage system) are needed to change PINs. This is the value when the maximum number of FMD-HDE drives are installed.