User's Manual
l Cables to any virtual disk are not disconnected.
Manage Encryption Key
On an encryption-capable controller, the Manage Encryption Key task allows you to enable encryption in LKM mode or DKM mode. You can enable either LKM
mode or DKM mode at a time. If you enable LKM, you can create an Encryption Key on an encryption-capable controller and save it locally. You can also change
or delete the Encryption Key.
If you enable DKM for a self encrypting drive, you can retrieve the Encryption Key from the DKM server. You can also rekey the controller with the new
Encryption Key retrieved from the DKM server. You can switch the encryption mode from LKM to DKM and vice versa at any point of time.
To go to the Manage Encryption Key task in Storage Management:
1. Select Storage in the Storage tree.
2. Go to Storage Dashboard® Available Tasks drop-down menu® Manage Encryption Key....
3. Click Execute.
OR
1. Expand the Storage tree object to display the controller objects.
2. Select an encryption-capable controller object.
3. Go to Information/Configuration subtab® Controller Tasks drop-down menu® Manage Encryption Key....
4. Click Execute.
If the controller is encryption-capable and an Encryption Key is not present, then the Create Encryption Key page is displayed. Else, the Change or Delete
Encryption Key page is displayed.
Encryption Key
The controller uses the Encryption Key to lock or unlock access to Self Encryption Disks (SEDs). You can create only one Encryption Key for each encryption-
capable controller.
If you are using Dell Key Management (DKM), the Encryption Key is created automatically on a encryption-capable controller. If you are using Local Key
Management (LKM) you must create the Encryption Key by providing the Encryption Key Identifier and the Passphrase.
Encryption Key Identifier
An Encryption Key Identifier is a user-supplied text label for the Passphrase. The identifier helps you determine which Passphrase to enter during
authentication for import of foreign encrypted SED drives.
Passphrase
A Passphrase is a user supplied string that the controller uses to create the Encryption Key.
For more information on creating an Encryption Key, see Manage Encryption Key.
Enabling DKM
Creating an Encryption Key
NOTE: To configure encryption, you do not require an SED. However, to create a secure virtual disk, you require an SED. The encryption settings are
then used to configure the virtual disk and the SED.
NOTE: These tasks are available only on PERC H800 and PERC H700 controllers.
NOTE: The DKM feature is available from the first half of calendar year 2011.
NOTE: For more Encryption Key and Passphrase guidelines, click the i icon on the Manage Encryption Key screen.