Encrypting existing data

Encryption License Key User Guide

Version
9.8.7
Audience
anonymous
Part Number
MK-98RD9017-17

If you want to encrypt existing data on your storage system, you must migrate the data to an encrypted parity group. Use the following procedure to encrypt existing data.

  • The encryption environmental settings must already be configured.
  • You must have the following user roles:
    • Security Administrator (View & Modify) role to enable encryption
    • Storage Administrator (Provisioning) role to block or format volumes during the enable encryption operation
    • Storage Administrator (Provisioning) role to format virtual volumes during the enable encryption operation
    • Storage Administrator (Provisioning) role to disable capacity saving during the enable encryption operation
    • Support Personnel (Vendor Only) role to block or format pool volumes during the enable encryption operation
CAUTION:
Enabling encryption on a parity group is a destructive operation. Verify the correct parity group ID before performing this operation. You are responsible for backing up the data in the target parity group, if necessary, before performing this operation.
  1. Create a new parity group.
  2. Enable encryption on the new parity group as follows:
    1. On the Parity Groups tab, select the target parity group, and then click More Actions > Edit Encryption.
    2. In the Edit Encryption window, select the parity group in the Available Parity Groups table, select Enable for Encryption, and then click Add.
      The parity group is added to the Selected Parity Groups list.
    3. Click Finish.
    4. In the Confirm window, confirm the settings, and enter your task name in Task Name.
      If you want the Tasks window to open after you click Apply, select Go to tasks window for status.
    5. Click Apply, and then click OK in the message that appears.
  3. Format the LDEVs in the encrypted parity group. For instructions, see the Provisioning Guide.
  4. Migrate the existing data to the LDEVs in the encrypted parity group using ShadowImage or Volume Migration. For details about Volume Migration, contact your account team.
  5. After the existing data has been migrated to the encrypted parity group, shred the (unencrypted) migration source volumes to prevent the data from being leaked. For instructions, see the Volume Shredder User Guide.