Workflow for backing up secondary data encryption keys
The VSP G200, G400, G600, G800, VSP F400, F600, F800, and VSP G1000 storage systems automatically create a primary backup of the data encryption key. You can also back up a secondary data encryption license.
The backup of the encryption key is performed to the existing DEK keys and CEK keys at the same time.
In addition, it is recommended that you back up each key after you perform any of the following operations:
Creating encryption keys
Adding, removing, or replacing drives
Adding, removing, or replacing disk adapters
Updating CEK keys
Updating KEK keys
Use the following process to back up a secondary data encryption key:
Confirm that the VSP G series or VSP F series storage system is not processing other tasks. You cannot back up a key while your storage system is processing other tasks.
Use one of the following methods to back up the secondary data encryption key:
Back up the secondary data encryption key as a file on the HCS management serverHDvM - SN computer.
For details, see Backing up keys as a file.
Back up the secondary data encryption key to a key management server.
For details, see Backing up keys to a key management server.