Initiating a recovery key

If you have a security administrator role, you must either configure or disable a recovery key, which must be authorized by the administrator. This process must be completed before the administrator can enable encryption.

About this task

A recovery key can be used to restore access to encrypted data if the key servers are unavailable. Your security policy determines whether a recovery key is required. A dual control, which requires the security administrator to configure (or disable) the recovery key and the administrator to authorize it, is necessary to avoid unauthorized access to encrypted data.

Procedure

If the recovery key was not previously configured or disabled, a task launcher is displayed when you log in to the DS8000® Storage Management GUI.

  • If your security policy allows the use of a recovery key to restore access to encrypted data, configure and verify the recovery key.
    The administrator authorizes the recovery key when encryption is enabled.
  • If your security policy does not allow the use of a recovery key to restore access to encrypted data, disable the recovery key.
    The administrator confirms that the recovery key is disabled when encryption is enabled.