Users Guide
A Passphrase must contain at least one numeral, alphabets both lower and upper case are allowed, and one non-alphanumeric
character (except space).
NOTE: Server Administrator Storage Management provides a suggested passphrase below the Passphrase text box.
4.
If you want to save the Encryption Key credentials in a file on the managed node, select the Escrow check box.
The file is saved in the location C:\Windows for Microsoft Windows operating system and /var/log for Linux and ESXi operating
system which contains a filename as dellemc_<ControllerModel>_<SASAddress>.xml. The saved file contains the information:
SAS address, Encryption Key Identifier, Passphrase, and modified date. You can use this file for future reference.
CAUTION: It is important to understand that if you lose the Passphrase, you cannot recover it. If you move the
physical disks associated with the lost Passphrase to another controller or if the controller fails or is replaced, you
cannot access data from that disk.
NOTE: If Encryption Key Identifier or Passphrase contain special characters such as & , " , <, and >, in the file, they
are written as & , ", < and > respectively.
NOTE: If the system crashes while the file is created, the backup file is saved in the specified location.
5. Select the check-box indicating that you understand the implications of using a passphrase and click Apply Changes.
In the controller Information/Configuration page, the Encryption Key Present is set to Yes and the Encryption mode is set to
LKM.
Changing Or Deleting The Encryption Key
You can change an encryption key of a controller if the controller already has a configured encryption key. You can delete an encryption
key for encrypted controllers only if there are no encrypted virtual disks.
To change the encryption key, type the New Encryption Key Identifier and Passphrase. You are prompted to authenticate the current
Passphrase. Ensure that you read the note on the importance of passphrase and consequences of not saving the same, before applying
the changes.
When you change the encryption key, the existing configuration on the controller is updated to use the new encryption key. If you have
removed any of the encrypted drives previously, you must authenticate with the old passphrase to import the encrypted drives.
When changing the encryption key, you can save the file details in the specified system location if the Escrow check box option is
selected. If you have already saved the encryption key credentials for a controller, the updates of the credentials for that controller is
overwritten to the file only if the file with combination of same controller model and SAS address otherwise the new file is created. When
the credentials are for a new controller with the unique SAS address details, then a new file is generated.
If Escrow check box is not selected then the file is not created for future references.
If you delete the encryption key, you cannot create encrypted virtual disks and all encrypted unconfigured self-encrypting drives are
erased. However, deleting an encryption key does not affect encryption or data in foreign disks. If you have saved the encryption key
credentials to a file, deleting the encryption key does not delete the file. Managing the file is the responsibility of the administrator.
Managing The Encryption Key
NOTE:
This task is not supported on PERC hardware controllers running in HBA mode.
NOTE: To configure encryption, SED is not required. The encryption settings are used to configure the virtual disk and
the SED.
NOTE: On controller when encryption is disabled, manually enable encryption for virtual disks created using SED drives.
Even if the virtual disk is created after a controller has had encryption enabled, to create an encrypted virtual disk the
encryption option must still be selected from the Advanced Wizard during virtual disk creation.
On an encryption-capable controller, the Manage Encryption Key task allows you to enable encryption in LKM mode. If you enable LKM,
you can create an encryption key for an encryption-capable controller. If the escrow check box options is selected then the file is saved
to a specified location for future reference. You can also change or delete the encryption key.
NOTE:
This task is available only on PERC H7x0, H8x0, and PERC FD33xD controllers.
Manage Encryption Key Task In Storage Management
To go to the Manage Encryption Key task in Storage Management:
1. In the Server Administrator window, under the system tree, select Storage.
Controllers
63