Users Guide
NOTE: For the Encryption Key Identier and Passphrase guidelines, click the icon on the page.
3. Type a Passphrase.
A Passphrase must contain at least one numeral, alphabets both lower and upper case are allowed, and one non-alphanumeric
character (except space).
NOTE: Server Administrator Storage Management provides a suggested passphrase below the Passphrase text box.
4. If you want to save the Encryption Key credentials in a le on the system where Distributed Web Server is running, select the
Escrow check box.
The Path eld is displayed. Provide the path where you want to save the le. The path should contain a lename with an .xml
extension. The saved le contains the information: SAS address, Encryption Key Identier, Passphrase, and modied date. You
can use this le for future reference.
CAUTION: It is important to understand that if you lose the Passphrase, you cannot recover it. If you move the
physical disks associated with the lost Passphrase to another controller or if the controller fails or is replaced, you
cannot access data from that disk.
NOTE: If Encryption Key Identier or Passphrase contain special characters such as & , " , <, and >, in the le, they
are written as & , ", < and > respectively.
NOTE: If the system crashes while saving the le, the backup le is saved in the specied location.
5. Select the check-box indicating that you understand the implications of using a passphrase and click Apply Changes.
In the controller Information/Conguration page, the Encryption Key Present is set to Yes and the Encryption mode is set to
LKM.
Changing Or Deleting The Encryption Key
You can change an encryption key of a controller if the controller already has a congured encryption key. You can delete an
encryption key for encrypted controllers only if there are no encrypted virtual disks.
To change the encryption key, type the New Encryption Key Identier and Passphrase. You are prompted to authenticate the
current Passphrase. Ensure that you read the note on the importance of passphrase and consequences of not saving the same,
before applying the changes.
When you change the encryption key, the existing conguration on the controller is updated to use the new encryption key. If you
have removed any of the encrypted drives previously, you must authenticate with the old passphrase to import the encrypted drives.
When changing the encryption key, you can also save or update the new encryption key credentials to a le in the system where
Distributed Web Service is running. Select the Escrow check box. If you have already saved the encryption key credentials for a
controller, providing the path of the le updates the credentials for that controller. If the credentials are for a new controller, the
details are appended in the same le.
If you have not saved the credentials to a le, you can provide the path on which the le must be saved. The path must contain a
lename with an .xml extension. On applying changes, this le is created with the credentials.
If you delete the encryption key, you cannot create encrypted virtual disks and all encrypted uncongured self-encrypting drives are
erased. However, deleting an encryption key does not aect encryption or data in foreign disks. If you have saved the encryption key
credentials to a le, deleting the encryption key does not delete the le. Managing the le is the responsibility of the administrator.
Managing The Encryption Key
NOTE: This task is not supported on PERC hardware controllers running in HBA mode.
NOTE: To congure encryption, SED is not required. The encryption settings are used to congure the virtual disk and
the SED.
NOTE: On controller when encryption is disabled, manually enable encryption for virtual disks created using SED drives.
Even if the virtual disk is created after a controller has had encryption enabled, to create an encrypted virtual disk the
encryption option must still be selected from the Advanced Wizard during virtual disk creation.
77