HP XP7 DKA Encryption User Guide (TK901-96001)
Contents
1 DKA Encryption Overview...........................................................................6
DKA Encryption benefits............................................................................................................6
DKA Encryption support specifications.........................................................................................6
When are data encryption license keys needed............................................................................7
Primary and secondary data encryption license keys.....................................................................7
KMIP key management server support.........................................................................................8
Data encryption workflow..........................................................................................................8
Data encryption on existing data workflow..............................................................................8
Disable encrypted data workflow................................................................................................8
Change data encryption license key workflow..............................................................................9
Migration practices with encryption........................................................................................9
Audit logging of encryption events..............................................................................................9
Encryption states and protection.................................................................................................9
Interoperability with other software applications............................................................................9
2 DKA Encryption Installation........................................................................11
DKA Encryption installation workflow........................................................................................11
System requirements................................................................................................................11
Enabling the DKA Encryption feature.........................................................................................11
Disabling the DKA Encryption feature........................................................................................12
3 Key Management Server Connections.........................................................13
Key management server requirements........................................................................................13
Root and client certificates...................................................................................................13
Root certificate on the key management server..................................................................13
Client certificate password..............................................................................................13
Preparing the client certificate workflow................................................................................14
Private key file creation workflow.....................................................................................14
Creating a private SSL key file........................................................................................14
Creating a public SSL key file.........................................................................................14
Converting the client certificate to the PKCS#12 format.......................................................15
Uploading the root and client certificate...........................................................................15
Uploading the root and client certificate....................................................................................15
4 Managing data encryption license keys.......................................................17
Workflow for creating data encryption license keys.....................................................................17
Creating data encryption license keys...................................................................................17
Workflow for backing up secondary data encryption license keys............................................18
Backing up keys as a file................................................................................................18
Backing up keys to a key management server...................................................................19
Opening the Backup Keys to Server window using the Encryption window............................19
Opening the Backup Keys to Server window using the View Backup Keys on Server
window.......................................................................................................................19
Viewing backup data encryption license keys....................................................................19
Editing the password policy.....................................................................................................20
Workflow for enabling data encryption on parity groups.............................................................20
Enabling data encryption at the parity group-level..................................................................20
Workflow for disabling data encryption at the parity-group level...................................................21
Blocking LDEVs at the parity-group level................................................................................22
Disabling data encryption at the parity-group level.................................................................22
Encryption formatting at the parity-group level ......................................................................23
Unblocking LDEVs at the parity-group level............................................................................23
Workflow for moving unencrypted data to an encrypted environment............................................23
Contents 3