Encryption hardware |
- VSP 5000 series: Encrypting back-end modules (EBEMs)
- VSP E990, VSP E1090: Encrypting controllers (ECTLs), EBEMs
- VSP E590, VSP E790: ECTLs, SAS EBEMs
Note:
- Encrypting and non-encrypting BEMs cannot be intermixed in a storage system.
- Encrypting and non-encrypting CTLs cannot be intermixed in a storage system.
|
DKCMAIN firmware |
- VSP 5000 series: Firmware 90-03-02 or later is required to encrypt data stored on NVMe drives.
- VSP E series: Firmware 93-02-01 or later is required.
|
Software license |
Encryption License Key software license Note: If the license for Encryption License Key is deleted or expires, encryption keys cannot be created.
|
vDevice Manager - Storage Navigator |
- The Security Administrator (View & Modify) role is required to perform encryption operations (for example, enabling and disabling encryption on parity groups, backing up and restoring keys).
- The Security Administrator (View & Modify) and Support Personnel (View & Modify) roles are required to restore an encryption key that is not the latest key from a secondary backup copy.
- If you plan to enable regular encryption key backups on the key management server (KMS), you must designate a specific HDvM - SN user as the regular backup user. This regular backup user must have the Security Administrator (View & Modify) role. If you are not logged in as the designated regular backup user, the System Administrator (System Resource Management) role is required to view details about a regular backup task.
|
Data volumes |
- Emulation type: All volume emulation types (open-systems, mainframe, and multiplatform) are supported.
- Volume type: Internal. External volumes are not supported.
|
SVP (Web server) |
VSP E series: The storage system must have an SVP (physical or virtual) if you want to use a KMS.
- If you want to protect the key encryption keys (KEKs) on the KMS, the SVP must always be up and running.
- If you want to connect to the KMS by specifying a host name instead of an IP address, you must set up a DNS server on the KMS, and the IP address of the DNS server must be configured on the SVP of the storage system.
|