User's Manual
On an encryption-capable controller, the Manage Encryption Key task allows you to enable encryption in LKM mode. If you enable LKM, you can create an
Encryption Key on an encryption-capable controller and save it locally. You can also change or delete the Encryption Key.
To go to the Manage Encryption Key task in Storage Management:
1. Select Storage in the Storage tree.
2. Go to Storage Dashboard® Available Tasks drop-down menu® Manage Encryption Key....
3. Click Execute.
OR
1. Expand the Storage tree object to display the controller objects.
2. Select an encryption-capable controller object.
3. Go to Information/Configuration subtab® Controller Tasks drop-down menu® Manage Encryption Key....
4. Click Execute.
If the controller is encryption-capable and an Encryption Key is not present, then the Create Encryption Key page is displayed. Else, the Change or Delete
Encryption Key page is displayed.
Encryption Key
The controller uses the Encryption Key to lock or unlock access to Self Encryption Disks (SEDs). You can create only one Encryption Key for each encryption-
capable controller.
If you are using Local Key Management (LKM) you must create the Encryption Key by providing the Encryption Key Identifier and the Passphrase.
Encryption Key Identifier
An Encryption Key Identifier is a user-supplied text label for the Passphrase. The identifier helps you determine which Passphrase to enter during
authentication for import of foreign encrypted SED drives.
Passphrase
A Passphrase is a user supplied string that the controller uses to create the Encryption Key.
For more information on creating an Encryption Key, see Manage Encryption Key.
Enabling LKM
Creating an Encryption Key
To create an Encryption Key on the selected controller:
1. Select the Enable Local Key Management (LKM) option.
2. Enter an Encryption Key Identifier.
An Encryption Key Identifier can contain numerals, lowercase alphabets, uppercase alphabets, non-alphanumeric characters, or a combination of any of
these.
3. Enter a Passphrase.
NOTE: To configure encryption, you do not require an SED. However, to create a secure virtual disk, you require an SED. The encryption settings are
then used to configure the virtual disk and the SED.
NOTE: This task is available only on PERC H800 and PERC H700 controllers.
NOTE: For more Encryption Key and Passphrase guidelines, click the i icon on the Manage Encryption Key screen.
NOTE: For the Encryption Key Identifier and Passphrase guidelines, click the i icon on the screen.