The following table lists the support specifications for Encryption License Key.
Item | Specification | |
---|---|---|
Hardware specifications | Encryption algorithm | Advanced Encryption Standard (AES) 256-bit |
Encryption mode | XTS mode | |
Encryption module standard |
|
|
LDEVs that you can encrypt | Volume type | Open, mainframe, multiplatform |
Emulation type | All emulation types | |
Internal/external LDEVs | Internal LDEVs only | |
LDEV with existing data | Requires data migration | |
Managing encryption keys | Creating and deleting encryption keys | You can use Device Manager - Storage Navigator (HDvM - SN) to create and delete encryption keys. If your storage system does not have an SVP, you can use the REST API (see Using the REST API to perform encryption operations). Note: Encryption keys that are allocated to implemented drives cannot be deleted. If you want to delete the encryption key allocated to an implemented drive and allocate a new encryption key, you must first disable encryption for the parity group to which the drive belongs. |
Unit of encryption/decryption | Encryption is applied to the parity group. Data encryption keys (DEKs) are used per drive. |
|
Number of encryption keys |
The encryption keys are set in the following units:
When the encryption environmental settings are initialized, the following numbers of encryption keys are created:
|
|
Attribute of encryption keys | Keys used for Encryption License Key are created with the Free attribute, and then another attribute is assigned according to the usage. The attributes for the encryption keys are:
If you reconfigure the encryption environmental settings, encryption keys and CEKs are not updated, and unused keys are not created. The encryption keys created when the encryption environmental settings were configured for the first time are used. |
|
Backup/restore functionality | Redundant (primary and secondary) backup/restore copies |