Software Support

CAUTION: It is important to understand that if you lose the Passphrase, you cannot recover it. If you move the

physical disks associated with the lost Passphrase to another controller or if the controller fails or is replaced,

you cannot access data from that disk.

NOTE: If Encryption Key Identifier or Passphrase contain special characters such as & , " , <, and >, in the file,

they are written as & , ", < and > respectively.

NOTE: If the system crashes while saving the file, the backup file is saved in the specified location.

5. Select the check-box indicating that you understand the implications of using a passphrase and click Apply

Changes.

In the controller Information/Configuration page, the Encryption Key Present is set to Yes and the Encryption mode

is set to LKM.

Changing Or Deleting The Encryption Key

You can change an encryption key of a controller if the controller already has a configured encryption key. You can

delete an encryption key for encrypted controllers only if there are no encrypted virtual disks.

To change the encryption key, type the New Encryption Key Identifier and Passphrase. You are prompted to

authenticate the current Passphrase. Ensure that you read the note on the importance of passphrase and consequences

of not saving the same, before applying the changes.

When you change the encryption key, the existing configuration on the controller is updated to use the new encryption

key. If you have removed any of the encrypted drives previously, you must authenticate with the old passphrase to

import the encrypted drives.

When changing the encryption key, you can also save or update the new encryption key credentials to a file in the

system where Distributed Web Service is running. Select the Escrow check box. If you have already saved the

encryption key credentials for a controller, providing the path of the file updates the credentials for that controller. If the

credentials are for a new controller, the details are appended in the same file.

If you have not saved the credentials to a file, you can provide the path on which the file must be saved. The path must

contain a filename with an .xml extension. On applying changes, this file is created with the credentials.

If you delete the encryption key, you cannot create encrypted virtual disks and all encrypted unconfigured self-

encrypting drives are erased. However, deleting an encryption key does not affect encryption or data in foreign disks. If

you have saved the encryption key credentials to a file, deleting the encryption key does not delete the file. Managing

the file is the responsibility of the administrator.

Managing The Encryption Key

NOTE: To configure encryption, SED is not required. The encryption settings are used to configure the virtual disk

and the SED.

NOTE: On controller when encryption is disabled, manually enable encryption for virtual disks created using SED

drives. If the virtual disk is created after encryption is enabled on a controller, the virtual disk is automatically

encrypted, it will automatically be configured as an encrypted virtual disk unless the enabled encryption option is

disabled during the advance configuration virtual disk creation.

On an encryption-capable controller, the Manage Encryption Key task allows you to enable encryption in LKM mode. If

you enable LKM, you can create an encryption key on an encryption-capable controller and save it locally. You can also

change or delete the encryption key.

NOTE: This task is available only on PERC H7x0 and H8x0 controllers.