Securing data

You can secure data with the encryption features that are supported by the storage system. The DS8A00 systems use AES-256 encryption.

Encryption technology has a number of considerations that are critical to understand to maintain the security and accessibility of encrypted data. For example, encryption must be enabled by feature code and configured to protect data in your environment. Encryption also requires access to at least two external key servers. However, with the local key manager enabled (feature 0405), the requirement for at least two external key servers does not apply.

It is important to understand how to manage IBM® encrypted storage and comply with IBM encryption requirements. Failure to follow these requirements might cause a permanent encryption deadlock, which might result in the permanent loss of all key-server-managed encrypted data at all of your installations.

The storage system automatically tests access to the encryption keys every 8 hours and access to the key servers every 5 minutes. You can verify access to key servers manually, initiate key retrieval, and monitor the status of attempts to access the key server.