HP StorageWorks XP24000/XP20000 Disk Encryption User's Guide This user's guide describes and provides instructions for using the HP StorageWorks DKA Encryption License Key software to configure and perform HP DKA Encryption License Key operations.
Legal and notice information © Copyright 2008-2009 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents 1 Overview .......................................................................................... 7 2 About DKA Encryption License Key operations ....................................... 9 Overview of encryption ............................................................................................................... 9 Encryption specification .........................................................................................................
Acronyms and abbreviations ................................................................. 25 Index .................................................................................................
Figures 1 Encryption window ................................................................................................. 15 2 VLL Window .......................................................................................................... 17 3 Encryption dialog box .............................................................................................
Tables 1 Encryption specification using DKA Encryption License Key .............................................
1 Overview On the HP StorageWorks XP24000 Disk Array and XP20000 Disk Array, data stored in the volumes in the storage system can be encrypted by using DKA Encryption License Key. If data is encrypted, information leakage can be prevented when replacing the storage system or the hard disk in the storage system, or in case of their theft.
Overview
2 About DKA Encryption License Key operations This chapter describes the functions of DKA Encryption License Key.
Notes on use of DKA Encryption License Key When using DKA Encryption License Key, take note of the following: • Only internal volumes of the storage system can be encrypted by using DKA Encryption License Key. External volumes cannot be encrypted in that way. • An encryption-compliant disk adapter is required for using DKA Encryption License Key. • For both encryption-compliant DKAs and non-encryption-compliant DKAs, spare disks must be installed.
The execution of secondary backup requires the exclusive authority of operation (such as an Encryption Administrator role). For details on exclusive authority of operation, see the HP StorageWorks XP24000/XP20000 Remote Web Console User’s Guide. Restoring encryption keys Restoring an encryption key can be classified into restore from the primary backup and restore from the secondary backup. If encryption-compliant DKAs are not mounted, an encryption key cannot be restored.
If encryption has been set in the parity group, encryption formatting is executed before user data is written there. If encryption is released, regular formatting is executed before user data is written there. Encryption formatting can be executed only if all the volumes that belong to a parity group can be formatted. If there are any volumes that cannot be formatted, encryption formatting cannot be executed.
3 Preparing for DKA Encryption License Key operations This chapter describes the preparations for DKA Encryption License Key operations.
Configuring the user account Only a user account that has the exclusive authority of Encryption Administrator role can configure settings for DKA Encryption License Key. For the details about the user account, see the HP StorageWorks XP Remote Web Console User’s Guide.
4 Using the DKA Encryption License Key windows This chapter describes the windows required for DKA Encryption License Key operations. • Encryption window • VLL window • Encryption dialog box Encryption window Use the Encryption window to back up and restore the encryption key used for data encryption and decryption. To open the Encryption window, from the menu of the main window, click Start, Security, and then click Encryption.
Item Description Date of creation The time when an encryption key is created. If encryption-compliant DKAs are not mounted or if an encryption key is not created, this column will show a hyphen (-). Creation Count The number of times that a backup of an encryption key is created. If encryption-compliant DKAs are not mounted, this column will show a hyphen (-). Backup Count The number of times that a backup of an encryption key is created.
Figure 2 VLL Window In the VLL window, click Encryption to open the Encryption dialog box. For details about the VLL window, see HP StorageWorks XP24000/XP20000 Virtual LVI/LUN (VLL) and Volume Shredder User's Guide. Encryption dialog box Use the Encryption dialog box to specify the volume whose data to encrypt, by the parity group.
Item Parity group Description Parity group number Encryption setting status: Encryption • Enable: Encryption is enabled. • Disable: Encryption is disabled. The status of the volumes in the parity group is shown. • Normal: The volume is in normal status. • Blocked: The volume is in a blocked status. Hosts cannot access the blocked volume. • Warning: The volume has a problem. • Format: The volume is being formatted. • Preparing Quick Format: The volume is being prepared for Quick Format.
5 Performing DKA Encryption License Key operations This chapter describes DKA Encryption License Key operations. • Creating a backup of encryption key • Restoring an encryption key • Setting or releasing an encrypted parity group For various settings with DKA Encryption License Key, the HP XP Remote Web Console main window must be set to the Modify mode. If the background color of the icon on the top right of the window is light yellow ( ), the window is in the Modify mode.
6. Click Browse, and then select an encryption key file from the list. The file extension must be .ekf. If you click the Browse button and select an encryption key file, the file name and path will appear in File Name. 7. Click Apply. The settings are reflected in the storage system. Setting or releasing an encrypted parity group This section describes the procedure to set or release an encryption key for a parity group. For more information, see Setting or releasing encrypted parity groups, page 11. 1.
6 Troubleshooting This chapter describes how to troubleshoot DKA Encryption License Key problems. For troubleshooting information on the XP24000/XP20000 Disk Array storage systems, see the HP StorageWorks XP24000/XP20000 Disk Array Owner's Guide. For a complete list of Remote Web Console error codes, see the HP StorageWorks XP24000/XP20000 Remote Web Console Error Codes.
Troubleshooting
7 Support and Other Resources Related Documentation • • • • • HP HP HP HP HP StorageWorks StorageWorks StorageWorks StorageWorks StorageWorks XP24000/XP20000 XP24000/XP20000 XP24000/XP20000 XP24000/XP20000 XP24000/XP20000 Remote Web Console User’s Guide Virtual LVI/LUN (VLL) and Volume Shredder User's Guide Auto LUN Software User's Guide Disk Array Owner's Guide Remote Web Console Error Codes You can find these documents on the HP Manuals website: http://www.hp.
• • • • • • Product model names and numbers Technical support registration number (if applicable) Product serial numbers Error messages Operating system type and revision level Detailed questions Subscription Service HP recommends that you register your product at the Subscriber’s Choice for Business website: http://www.hp.com/go/e-updates After registering, you will receive e-mail notification of product enhancements, new driver versions, firmware updates, and other product resources.
Acronyms and abbreviations DKA disk adapter LAN local-area network LDEV logical device LM local memory LUN logical unit number P-VOL primary volume RAID redundant array of independent disks SM shared memory S-VOL secondary volume SVP service processor TP-VOL an XP Thin Provisioning volume XP24000/XP20000 Disk Encryption User's Guide 25
Acronyms and abbreviations
Index B backup, 10, 19 blocked status, 18 C configuring, 13 contacting technical support, 21 conventions storage capacity values, 23 copying status, 18 correction access, 18 correction access with redundancy, 18 D documentation HP website, 23 providing feedback, 24 Encryption window, 15 F format encrypted LDEV, 11 format status, 18 H help obtaining, 23 HP technical support, 23 N normal (quick format) status, 18 normal status, 18 O Overview, 7 E encrypted parity group setting or releasing, 11, 20 enc
T technical support, 24 contacting, 21 HP, 23 troubleshooting, 21 U unknown status, 18 V VLL window, 16 volume status, 18 W warning status, 18 websites HP, 24 HP Subscriber's Choice for Business, 24 product manuals, 23 X XP Remote Web Console configure for encryption, 13 28