User interfaces for encryption

Encryption License Key User Guide for VSP One Block

Version
10.2.x
Audience
anonymous
Part Number
MK-23VSP1B010-00

The REST APIs for the VSP storage systems support the encryption operations for VSP One Block:

  • Setting an encryption environment

    You can use the REST API to configure the encryption environment settings for the storage system.

  • Encrypting data to be stored in volumes

    When you enable data encryption on a DDP group and then create new volumes in the DDP group, the data to be stored in those volumes will be encrypted. In addition, you can migrate data from existing volumes to new encrypted volumes to encrypt the existing data. The data is migrated per V-VOL.

  • Managing encryption keys

    You can use the REST APIs to manage the encryption keys used to encrypt and decrypt data. You can create new keys if unassigned keys are not available, for example, due to drive replacement. In addition, you can back up the encryption keys to the management client or to a key management server (KMS) and restore them if needed.

The following table lists the encryption features and indicates user interface support for each item.

Feature REST API VSP One Block Administrator VSP One Block Administrator API CCI
Edit encryption preferences Yes No No No
List and retrieve encryption keys Yes Yes No No
Confirmation of settings by editing encryption environment settings Yes Yes No No
Encryption key number display/acquisition Yes Yes No No
Encryption key generation Yes No No No
Operation of the management tool / Back up the encryption key as a file in the management client Yes No No No
Connect to a KMS to back up encryption keys Yes No No No
Operation of the management tool / Restore encryption keys from files in the management client Yes No No No
Connect to a KMS to restore the encryption keys Yes No No No
Deleting and generating unused encryption keys Yes No No No
Enable encryption when creating a DDP group No No No Yes
Enable encryption when creating a pool No Yes Yes No