Workflow for creating secondary backups of the data encryption keys

The VSP G series or VSP F series storage systems automatically create a primary backup of the data encryption keys. You can also create secondary backups of the data encryption keys.

The backup of the encryption keys is performed to the existing DEK keys and CEK keys at the same time.

In addition, it is recommended that you back up all keys after you perform any of the following operations:

• Creating encryption keys

• Adding, removing, or replacing drives

• Adding, removing, or replacing EBEDs

• Updating CEK keys

• Updating KEK keys

Use the following process to create secondary backups of the data encryption keys:

1. Confirm that the VSP G series or VSP F series storage systems are not processing other tasks. You cannot back up the keys while your storage system is processing other tasks.

2. Use one of the following methods to create secondary backups of the data encryption keys:

• Back up the data encryption keys as a file on the HCS management serverHDvM - SN computer.

For details, see Backing up the keys as a file.

• Back up the data encryption keys to a key management server.

For details, see Backing up the keys to a key management server.