HP XP7 DKA Encryption User Guide (TK901-96001)

Change data encryption license key workflow
To encrypt data with a different data encryption license key on the HP XP7 Storage system, you
must migrate the data.
For more information about migration practices with encryption, see “Migration practices with
encryption” (page 9).
Use the following process to change encryption license keys:
1. A new parity group is created.
2. Encryption is enabled with a new data encryption license key.
3. The LDEVs in the encrypted parity group are formatted.
4. The source data is migrated to the new target LDEVs in the encrypted parity group.
5. The data is encrypted with the new data encryption license key on the HP XP7 Storage system.

Migration practices with encryption
Migrate encrypted source data by encrypting the target LDEV. Migrate data on a per-LDEV basis.
As a best practice, match encrypted areas with other encrypted areas. Do not mix encrypted and
unencrypted areas.
For more information about encrypting an LDEV, see “Workflow for enabling data encryption on
parity groups” (page 20).

Audit logging of encryption events
The HP XP7 Storage system Audit Log feature provides audit logging of events that happen in the
system. The audit log records events related to data encryption and data encryption license keys.
For more information about audit logging, audit log events, and the Audit Log feature, see the HP
XP7 Remote Web Console User Guide and the HP XP7 Audit Log User and Reference Guide.

Encryption states and protection
Match the encryption state of the primary volume (P-VOL) with that of the secondary (S-VOL), pool
(pool-VOL), journal, or virtual (V-VOL) volume. The encryption states must match to copy data or
differential data and to protect the data. If the state of the P-VOL is “Encrypt”, then the state
of all other LDEVs referenced by or associated with the P-VOL should also be “Encrypt”.
This practice also applies to migration situations.
For more information about migration and encryption, see “Migration practices with encryption”
(page 9).
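
The matching rule above can be checked mechanically against a volume inventory. The following Python is an added example, not code from the HP guide or from any HP tool; the CSV layout, column names, LDEV IDs, finding labels and the "Non-Encrypt" value are constructed for illustration.

```python
import csv
import io

# Constructed inventory in a hypothetical CSV layout (not output of any HP tool).
# "pvol" names the P-VOL that the LDEV is referenced by or associated with.
SAMPLE_INVENTORY = """\
ldev,role,pvol,state
00:10,P-VOL,,Encrypt
00:11,S-VOL,00:10,Encrypt
00:12,pool-VOL,00:10,Non-Encrypt
00:13,journal,00:10,Encrypt
00:20,P-VOL,,Non-Encrypt
00:21,S-VOL,00:20,Encrypt
00:30,P-VOL,,Encrypt
00:31,V-VOL,00:30,Encrypt
00:40,S-VOL,00:99,Encrypt
"""

def is_encrypted(state):
    # Assumption: only the state the guide names, "Encrypt", counts as encrypted.
    return state.strip() == "Encrypt"

def audit_encryption_states(inventory_text):
    """Return (ldev, role, pvol, finding) for every associated LDEV whose
    encryption state does not match its P-VOL."""
    rows = list(csv.DictReader(io.StringIO(inventory_text)))
    pvols = {r["ldev"]: is_encrypted(r["state"]) for r in rows if r["role"] == "P-VOL"}
    findings = []
    for r in rows:
        if r["role"] == "P-VOL":
            continue
        if r["pvol"] not in pvols:
            # The pairing cannot be verified: report it rather than skip silently.
            finding = "unknown-pvol"
        elif pvols[r["pvol"]] and not is_encrypted(r["state"]):
            # Encrypted source, unencrypted associate: the copied data is unprotected.
            finding = "unencrypted-associate"
        elif not pvols[r["pvol"]] and is_encrypted(r["state"]):
            # States differ the other way: the source itself is unprotected.
            finding = "unencrypted-pvol"
        else:
            continue
        findings.append((r["ldev"], r["role"], r["pvol"], finding))
    return findings

if __name__ == "__main__":
    for ldev, role, pvol, finding in audit_encryption_states(SAMPLE_INVENTORY):
        print(f"{finding}: {role} {ldev} (P-VOL {pvol or '?'})")
```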

Interoperability with other software applications
Use the following table to determine the interoperability of software applications with data
encryption.
| Software application | Interoperability notes |
| --- | --- |
| Business Copy, Continuous Access Synchronous, Compatible FlashCopy, and Compatible XRC | Encrypt the P-VOL and S-VOLs (for Compatible FlashCopy, S-VOL and T-VOLs) to ensure data security. |
| Fast Snap | Match the encryption states of the P-VOL and pool-VOL. If the P-VOL is encrypted, encrypt all of the pool-VOLs. If the data pool contains a non-encrypted pool-VOL, the differential data of the P-VOL is not encrypted. |
| Continuous Access Journal | Match the encryption states of a P-VOL and S-VOL. If you encrypt the P-VOL only, the data copied on the S-VOL is not encrypted and is not protected. When you encrypt a P-VOL or S-VOL, use a journal to which only encrypted LDEVs are registered as journal volumes. If the encryption states of the P-VOL, |