You can manage key labels, key servers,
recovery keys, and on the
Encryption tab of the page. The actions that are available to you depend on your user role.
Administrator
If you have an administrator user role, you can use the following actions to manage encryption:
- Enable: Enable encryption of data on the storage system after the security administrator configures or disables a recovery key.
- Disable: Disable encryption of data on the storage system. This action does not require authorization by the security administrator.
- Key labels
  - Add Key Label: Add a label that the storage system uses to identify an encryption key on the key servers.
  - Modify: Change the label the storage system uses to identify the encryption key on the key servers.
  - Remove: Remove a key label that is no longer needed. This action is only permitted when arrays and extent pools have been removed.
- Key servers
  - Add Key Server: Add the host name or IP address and port of the key server where an encryption key is located. If the key server type is KMIP or SSL enabled SKLM, specify the key server certificate.
  - Test: Test the key server to confirm that it is accessible from the storage system.
  - Modify: Change the host name, IP address, or port of an existing key server. If the key server type is KMIP or SSL enabled SKLM, change the key server certificate.
  - Activate: Activate a deactivated key server.
  - Deactivate: Deactivate a key server that is not needed for encryption.
  - Remove: Remove a key server that is no longer needed for encryption.
  - Rekey: Instruct the key server to create a new encryption key for the storage system.
- Recovery keys
  - Authorize: Authorize the configuration, disablement, or rekeying of a recovery key by the administrator.
  - Decline: Decline the configuration, disablement, or rekeying of a recovery key by the security administrator.
Security Administrator
If you have a security administrator user role, you can use the following actions to manage encryption:
- Recovery keys
  - Configure: Configure a recovery key that can be used to restore access to data if the encryption key server is unavailable. The administrator must authorize the recovery key after you configure and verify it.
  - Verify: After you configure or rekey a recovery key, you must verify it before the administrator can authorize it.
  - Disable: If a recovery key is not required to restore access to data, disable the recovery key. The administrator must confirm that the recovery key is disabled.
  - Test: Validate a recovery key to ensure that it is the correct recovery key for the storage system.
  - Rekey: Reconfigure a recovery key. The administrator must authorize the recovery key after you rekey and verify it.