Storage system requirements

Encryption License Key User Guide

Version
9.8.7
Part Number
MK-98RD9017-17

The following table lists the storage system requirements for the Encryption License Key feature.

Item Requirements
Encryption hardware
  • VSP 5000 series: Encrypting back-end modules (EBEMs)
  • VSP E990, VSP E1090: Encrypting controllers (ECTLs), EBEMs
  • VSP E590, VSP E790: ECTLs, SAS EBEMs
Note:
  • Encrypting and non-encrypting BEMs cannot be intermixed in a storage system.
  • Encrypting and non-encrypting CTLs cannot be intermixed in a storage system.
DKCMAIN firmware
  • VSP 5000 series: Firmware 90-03-02 or later is required to encrypt data stored on NVMe drives.
  • VSP E series: Firmware 93-02-01 or later is required.
Software license
  • Encryption License Key software license

Note: If the license for Encryption License Key is deleted or expires, encryption keys cannot be created.

Device Manager - Storage Navigator
  • The Security Administrator (View & Modify) role is required to perform encryption operations (for example, enabling and disabling encryption on parity groups, backing up and restoring keys).
  • The Security Administrator (View & Modify) and Support Personnel (View & Modify) roles are required to restore an encryption key that is not the latest key from a secondary backup copy.
  • If you plan to enable regular encryption key backups on the key management server (KMS), you must designate a specific HDvM - SN user as the regular backup user. This regular backup user must have the Security Administrator (View & Modify) role. If you are not logged in as the designated regular backup user, the System Administrator (System Resource Management) role is required to view details about a regular backup task.
Data volumes
  • Emulation type: All volume emulation types (open-systems, mainframe, and multiplatform) are supported.
  • Volume type: Internal. External volumes are not supported.
SVP (Web server)

VSP E series: The storage system must have an SVP (physical or virtual) if you want to use a KMS.

  • If you want to protect the key encryption keys (KEKs) on the KMS, the SVP must always be up and running.
  • If you want to connect to the KMS by specifying a host name instead of an IP address, you must set up a DNS server on the KMS, and the IP address of the DNS server must be configured on the SVP of the storage system.