Item | | Specification
---|---|---
Hardware specifications | Encryption algorithm | Advanced Encryption Standard (AES) 256-bit
Hardware specifications | Encryption mode | XTS mode
Hardware specifications | Encryption module standard | Compliant with FIPS 140-3 Level 1
LDEVs that you can encrypt | Volume type | All emulation types
LDEVs that you can encrypt | Internal/external LDEVs | Internal LDEVs only
LDEVs that you can encrypt | LDEV with existing data | Supported (requires data migration)
Managing encryption keys | Creating and deleting encryption keys | You can use the REST API to manage the encryption keys, including creating, backing up, restoring, and deleting keys.
Managing encryption keys | Unit of encryption/decryption | Encryption is applied to the DDP group. Data encryption keys (DEKs) are assigned per drive.
Managing encryption keys | Number of encryption keys | Up to 4,096 encryption keys can be created per storage system, including up to 984 DEKs (1 DEK for each drive).
Managing encryption keys | Backup/restore functionality | Redundant (primary and secondary) backup/restore copies of all DEKs. If the encryption environment of the storage system is set to connect to a key management server, the keys cannot be backed up as a file on the management client.
Managing encryption keys | Attribute of encryption keys | Encryption keys are created with the Free attribute. When a key is allocated to a drive, the attribute changes to DEK.
Managing encryption keys | When free keys are used | After the encryption environment is set up, free keys are used when the following operations are performed: If a problem occurs during one of these operations, additional free keys might be required to recover from the problem. Free keys used for maintenance operations for drives: