User's Manual
Changing or Deleting the Encryption Key
You can change an Encryption Key of a controller if the controller already has a configured Encryption Key. You can delete an Encryption Key for encrypted
controllers only if there are no encrypted virtual disks.
To change the Encryption Key, enter the New Encryption Key Identifier and Passphrase. You are prompted to authenticate with the current Passphrase.
Ensure you read the note on the importance of Passphrase and consequences of not saving the same, before applying the changes.
When you change the Encryption Key, the existing configuration on this controller is updated to use the new Encryption Key. If you have removed any of the
encrypted drives previously, you must authenticate with the old Passphrase to import the encrypted drives.
When changing the Encryption Key, you can also save or update the new Encryption Key credentials to a file in the system where Distributed Web Service is
running. Select the Escrow check box. If you have already saved the Encryption Key credentials for a controller, providing the path of the file updates
credentials for that controller. If the credentials are for a new controller, the details are appended in the same file.
If you have not saved the credentials to a file, you can enter the path on which the file must be saved. The path must contain a file name with an .xml
extension. On applying changes, this file is created with the credentials.
If you delete the Encryption Key, you cannot create encrypted virtual disks and all encrypted unconfigured self-encrypting drives are erased. However, deleting
an Encryption Key does not affect encryption or data in foreign disks. If you have saved the Encryption Key credentials to a file, deleting the Encryption Key
does not delete the file. Managing the file is the responsibility of the administrator.
Switching From LKM to DKM
If you have LKM enabled on your controller and want to switch to DKM:
1. Go to the Manage Encryption Key window and select the Switch to Dell Key Management (DKM) radio button.
The Existing LKM Encryption Key Identifier field is populated.
2. Enter the corresponding Existing LKM Passphrase.
3. Click Apply Changes.
The controller Information/Configuration tab now displays Encryption Key Present as Yes and Encryption Mode as DKM.
Switching From DKM to LKM
If you have DKM enabled on your controller and want to switch to LKM:
1. Go to the Manage Encryption Key window and select the Switch to Local Key Management (LKM) radio button.
2. Enter the New Encryption Key Identifier and New Passphrase.
3. If you want to save the Encryption Key credentials in a file on the system where Distributed Web Server is running, select the Escrow check box. You
can use this file for future reference.
The Path field is displayed. Enter the path where you want to save the file. The path should contain a file name with an .xml extension. The file is saved
with details such as SAS address, Encryption Key Identifier, Passphrase, and modified date.
4. Select the check-box indicating that you understand the implications of using a Passphrase and click Apply Changes.
The controller Information/Configuration tab now displays Encryption Key Present as Yes and Encryption Mode as LKM.
Patrol Read Report
Does my controller support this feature? See Supported Features.
This report provides information on all the Patrol Reads done on the controller in the chronological order. It provides information such as last run time and
result. If the Patrol Read fails, it provides the reason for the failure.
To locate this task in Storage Management:
CAUTION: It is important to understand that if you lose the Passphrase, you cannot recover it. If you move the physical disks associated with the
lost Passphrase to another controller or if the controller fails or is replaced, you cannot access data from that disk.
NOTE: If Encryption Key Identifier or Passphrase contains special characters such as & , " , < , and > , in the file, they are written as & ,
" , < and > respectively.
NOTE: If the system crashes while saving the file, the backup file is saved in the specified location.