Support specifications for Encryption License Key

Encryption License Key User Guide for VSP One Block

Version
10.2.x
Audience
anonymous
Part Number
MK-23VSP1B010-00
Item Specification
Hardware specifications Encryption algorithm Advanced Encryption Standard (AES) 256-bit
Encryption mode XTS mode
Encryption module standard Compliant to FIPS 140-3 Level 1
LDEVs that you can encrypt Volume type All emulation types
Internal/external LDEVs Internal LDEVs only
LDEV with existing data Supported (requires data migration)
Managing encryption keys Creating and deleting encryption keys You can use the REST API to manage the encryption keys, including creating, backing up, restoring, and deleting keys.
Unit of encryption/decryption Encryption is applied to the DDP group.

Data encryption keys (DEKs) are assigned per drive.

Number of encryption keys Up to 4,096 encryption keys can be created per storage system, including up to 984 DEKs (1 DEK for each drive).
Backup/restore functionality Redundant (primary and secondary) backup/restore copies of all DEKs

If the encryption environment of the storage system is set to connect to a key management server, the keys cannot be backed up as a file on the management client.

Attribute of encryption keys Encryption keys are created with the Free attribute. When a key is allocated to a drive, the attribute changes to DEK.
When free keys are used After the encryption environment is set up, free keys are used when the following operations are performed:
  • Maintenance operations for drives
  • Maintenance operations for encrypting controllers (ECTLs)

If a problem occurs during one of these operations, additional free keys might be required to recover from the problem.

Free keys used for maintenance operations for drives:

  • Adding drives: 1 free key for each drive being added
  • Replacing drives: 1 free key for each drive being replaced
  • Decrypting a DDP group: 1 free key for each drive in the DDP group being decrypted