HP 3PAR OS 3.1.3 CLI Administrator's Manual

ManualsBrandsHP ManualsSoftwareHP 3PAR Operating System Software

121

122

123

124

125

126

127

128

129

130

cli% controlencryption enable backupfile

To enable encryption using the Windows CLI, issue the following command:

cli% controlencryption enable C:\\backupfile

When encryption is initally enabled, the system verifies that:

• The system is licensed for data encryption.

• All drives in the system are SEDs.

• There are no degraded or failed drives in the system.

If all of these conditions are met, the system generates an authentication key and returns the

backed-up key file.

You will be prompted twice for the password for the backup file. Backup is part of the

encryption-enabling operation.

After the backup of the authentication key is acknowledged, the key is set on all the drives in the

system.

For more information about the controlencryption command, see the HP 3PAR Command

Line Interface Reference.

Backing up the Authentication Key File

To back up the authentication key file, issue the controlencryption backup command. For

example:

cli% controlencryption backup backup1

The keystore must be backed up to prevent total loss of data. You will be prompted twice for the

password for the backup file. The same password must be supplied on restore.

Restoring the Key File

Restoration of a key file is necessary only if there is a catastrophic problem and the key-files on all

nodes are destroyed or corrupted. Restore the key file from an external source to the controller

nodes in the StoreServ system.

To restore the key file, issue the controlencryption restore command. For example:

cli% controlencryption restore backup1

Rekeying the Authentication Key

To change the authentication key and back up the authentication key file, issue the

controlencryption rekey command.

You can rekey the array at any time. You can also save and back up a new copy of the

authentication key file at any time. In the event of a recovery action requiring restoration of the

key file, the correct key file must be available; otherwise the data will be lost.

Showing Data Encryption Status

To see the status of data encryption, issue the following command:

controlencryption status

Optionally, issue the command with the -d option to show disks that are failed or not SED-capable.

#$ controlencryption status

Licensed Enabled BackupSaved State SeqNum

yes yes yes normal 2

Using Self-encrypting Disks 121