The library generates a RAS ticket when you need to generate more data encryption keys. To manually generate data encryption keys, you need to temporarily disable library managed encryption on a partition, and then enable it again. Enabling library managed encryption on a partition triggers the library to check both SKM servers to see if new data encryption keys are needed. If so, it creates the keys.
The data encryption key generation process takes approximately 15 minutes. You should not run any library or host-initiated operations on SKM partitions during key generation and backup.
CAUTION: Avoid manually generating keys on more than five libraries simultaneously as the key generation process is resource-intensive on the server. Generating keys manually on more than five libraries at once could result in a failure to complete the key generation operation, or interfere with key retrieval operations. If a failure does occur during key generation, wait 10 minutes, then try to start it again. The key generation process will resume from where the error was encountered.
Follow the steps below to generate data encryption keys manually:
CAUTION: When you change the partition's encryption method to Library Managed Encryption disabled, the data that was written to the tapes while the partition was configured for Library Managed Encryption enabled can no longer be read until you change the partition back to Library Managed Encryption enabled. You will only be disabling it for a short time and then changing back to Library Managed Encryption enabled (just to trigger the key generation process), so this should have little effect unless you forget to turn it back to Library Managed Encryption enabled.