HP 3PAR Command Line Interface Administrator's Manual: HP 3PAR OS 3.1.2 (QR482-96525, September 2013)

ManualsBrandsHP ManualsStorageHP 3PAR StoreServ 7450 2-node Base

111

112

113

114

115

116

117

118

119

120

To view the license using the HP 3PAR CLI, issue the showlicense command:

cli%showlicense

License key was generated on Thu May 23 16:29:37 2013

License features currently enabled:

...

Data Encryption

...

To view the license using the HP 3PAR MC, navigate to the Software tab.

Restrictions

These restrictions apply to the first release of data encryption (HP 3PAR OS 3.1.2 MU2):

• Data encryption is available only with the purchase of a new HP 3PAR StoreServ system.

• Data encryption cannot be enabled on an HP StoreServ storage system earlier than HP 3PAR

OS 3.1.2 MU2.

• Data encryption is not supported on any HP 3PAR encrypted storage array with mixed

configurations of SEDs and non-SEDs; the array must contain only SEDs.

• A single authentication key is used to unlock all the drives in the array for reading and writing

to media.

• Authentication keys are managed using a local key manager (LKM) in the storage system.

• The controlencryption commands (or GUI call) are recorded in the HP 3PAR OS eventlog,

but the filename and password contents are not. For example:

Time : 2013-05-28 13:52:20 PDT

Severity : Informational

Type : CLI command executed

Message : {3parsvc super all {{0 8}} -1 127.0.0.1 9534} {controlencryption

enable_start <password > <secret>} {}

Message : {3paradm super all {{0 8}} -1 16.94.229.83 9706} {controlencryption

status_details} {}

Message : {3paradm super all {{0 8}} -1 16.94.229.83 30353} {controlencryption

rekey_finish} {}

• A user with Super authority is responsible for physical security of a backup copy of the

authentication keys and for remembering the password.

• Encryption should be enabled before writing data to the array. The system will function, and

the same data can be accessed before and after encryption is enabled, but it will not be

secure (no DAR) until encryption is enabled.

Using Self-encrypting Disks

Taking Ownership

Ownership means changing the authentication key and locking state of an SED from its default

settings, so that the data on the drive is secure.

To enable the SED, issue the admitpd [option] [<WWN>...] command. Options are:

• -nold: Do not use the physical disk (as identifed by the WWN specifier) for LD allocation.

Specify the –nold option when adding a physical disk to replace a failed disk whose chunklets

Restrictions 113