If you want to encrypt existing data on your storage system, you must migrate the data to an encrypted parity group. Use the following procedure to encrypt existing data.
- The encryption environmental settings must already be configured.
- You must have the following user roles:
- Security Administrator (View & Modify) role to enable encryption
- Storage Administrator (Provisioning) role to block or format volumes during the enable encryption operation
- Storage Administrator (Provisioning) role to format virtual volumes during the enable encryption operation
- Storage Administrator (Provisioning) role to disable capacity saving during the enable encryption operation
- Support Personnel (Vendor Only) role to block or format pool volumes during the enable encryption operation
CAUTION:
Enabling encryption on a parity group is a destructive operation. Verify the correct parity group ID before performing this operation. You are responsible for backing up the data in the target parity group, if necessary, before performing this operation.
- Create a new parity group.
- Enable encryption on the new parity group as follows:
- Format the LDEVs in the encrypted parity group. For instructions, see the Provisioning Guide.
- Migrate the existing data to the LDEVs in the encrypted parity group using ShadowImage or Volume Migration. For details about Volume Migration, contact your account team.
- After the existing data has been migrated to the encrypted parity group, shred the (unencrypted) migration source volumes to prevent the data from being leaked. For instructions, see the Volume Shredder User Guide.