Overview of data encryption

REST API Reference Guide for Virtual Storage Platform 5000, Virtual Storage Platform E Series, and Virtual Storage Platform G/F Series

Version
93-07-0x
90-09-0x
88-08-10
Audience
anonymous
Part Number
MK-98RD9014-17

You can use the Encryption License Key functionality to encrypt data stored in a volume of the storage system. If you encrypt data, you can prevent information leakage when drives in the storage system are replaced or the drives are stolen. Even if you encrypt data, the processing time or waiting time during I/O will not increase and the existing applications and infrastructure will not be affected.

With the REST API, you can use the Encryption License Key functionality if the storage system is VSP E series, VSP G350, G370, G700, G900, VSP F350, F370, F700, F900.

The operations for data encryption to be performed by using the REST API are as follows:
  • Setting an encryption environment

    You can use the REST API to change the encryption environment settings for the storage system or initialize the encryption environment.

  • Encrypting data to be stored in a volume

    If you enable data encryption when creating a parity group and create a volume from the parity group, data to be stored in that volume is encrypted. In addition, if you migrate exiting volumes to the volume, the data stored in these existing volumes can also be encrypted.

  • Managing encryption keys

    You can use the REST API to manage encryption keys used to encrypt and decrypt data. Encryption keys are automatically created when an encryption environment is enabled for the first time. You can create a new key if unassigned keys become insufficient due to replacement of a drive, or delete unnecessary unassigned keys. In addition, you can back up encryption keys to a REST API client and restore them if needed.

Note: If the settings are specified so that an encryption environment for the storage system links with the key management server, you cannot use the REST API to perform the following operations:
  • Change or get the encryption environment settings
  • Create or delete encryption keys
  • Back up or restore encryption keys

For details on the Encryption License Key functionality such as the encryption specifications and system requirements, see the Encryption License Key User Guide.