The REST APIs for the VSP storage systems support the following encryption operations for VSP One Block:
- Setting an encryption environment

  You can use the REST API to configure the encryption environment settings for the storage system.
- Encrypting data to be stored in volumes

  When you enable data encryption on a DDP group and then create new volumes in the DDP group, the data to be stored in those volumes will be encrypted. In addition, you can migrate data from existing volumes to new encrypted volumes to encrypt the existing data. The data is migrated per V-VOL.
- Managing encryption keys

  You can use the REST APIs to manage the encryption keys used to encrypt and decrypt data. You can create new keys if unassigned keys are not available, for example, due to drive replacement. In addition, you can back up the encryption keys to the management client or to a key management server (KMS) and restore them if needed.

The following table lists the encryption features and indicates user interface support for each item.
Feature | REST API | VSP One Block Administrator | VSP One Block Administrator API | CCI |
---|---|---|---|---|
Edit encryption preferences | Yes | No | No | No |
List and retrieve encryption keys | Yes | Yes | No | No |
Confirmation of settings by editing encryption environment settings | Yes | Yes | No | No |
Encryption key number display/acquisition | Yes | Yes | No | No |
Encryption key generation | Yes | No | No | No |
Operation of the management tool / Back up the encryption key as a file in the management client | Yes | No | No | No |
Connect to a KMS to back up encryption keys | Yes | No | No | No |
Operation of the management tool / Restore encryption keys from files in the management client | Yes | No | No | No |
Connect to a KMS to restore the encryption keys | Yes | No | No | No |
Deleting and generating unused encryption keys | Yes | No | No | No |
Enable encryption when creating a DDP group | No | No | No | Yes |
Enable encryption when creating a pool | No | Yes | Yes | No |