Users Guide

To change the encryption key, type the New Encryption Key Identier and Passphrase. You are prompted to authenticate the current

Passphrase. Ensure that you read the note on the importance of passphrase and consequences of not saving the same, before applying

the changes.

When you change the encryption key, the existing conguration on the controller is updated to use the new encryption key. If you have

removed any of the encrypted drives previously, you must authenticate with the old passphrase to import the encrypted drives.

When changing the encryption key, you can save the le details in the specied system location if the Escrow check box option is selected.

If you have already saved the encryption key credentials for a controller, the updates of the credentials for that controller is overwritten to

the le only if the le with combination of same controller model and SAS address otherwise the new le is created. When the credentials

are for a new controller with the unique SAS address details, then a new le is generated.

If Escrow check box is not selected then the le is not created for future references.

If you delete the encryption key, you cannot create encrypted virtual disks and all encrypted uncongured self-encrypting drives are erased.

However, deleting an encryption key does not aect encryption or data in foreign disks. If you have saved the encryption key credentials to

a le, deleting the encryption key does not delete the le. Managing the le is the responsibility of the administrator.

Managing The Encryption Key

NOTE: This task is not supported on PERC hardware controllers running in HBA mode.

NOTE: To congure encryption, SED is not required. The encryption settings are used to congure the virtual disk and the SED.

NOTE: On controller when encryption is disabled, manually enable encryption for virtual disks created using SED drives. Even if

the virtual disk is created after a controller has had encryption enabled, to create an encrypted virtual disk the encryption option

must still be selected from the Advanced Wizard during virtual disk creation.

On an encryption-capable controller, the Manage Encryption Key task allows you to enable encryption in LKM mode. If you enable LKM,

you can create an encryption key for an encryption-capable controller. If the escrow check box options is selected then the le is saved to

a specied location for future reference. You can also change or delete the encryption key.

NOTE

: This task is available only on PERC H7x0 and H8x0 controllers.

Manage Encryption Key Task In Storage Management

To go to the Manage Encryption Key task in Storage Management:

1 In the Server Administrator window, under the system tree, select Storage.

2 Go to Storage Dashboard > Available Tasks drop-down menu > Manage Encryption Key....

3 Click Execute.

Manage Encryption Key Task In Storage Management — Method 2

Alternatively to go to Manage Encryption Key task in Storage Management

1 Expand the Storage tree object to display the controller objects.

2 Select an encryption-capable controller object.

3 Click Information/Conguration.

4 Select Manage Encryption Key.... from the Controller Tasks drop-down menu.

5 Click Execute.

If the controller is encryption-capable and an encryption key is not present, then the Create Encryption Key page is displayed. Else, the

Change or Delete Encryption Key page is displayed.

Controllers