Creating an encrypted array

Edit online

You can create a distributed or non-distributed encrypted array if encryption is enabled on your system.

Before you create an encrypted array, you must obtain an encryption licence and setup a method to manage encryption keys on the system.

The system supports USB drive and key server as a method to create and manage keys. If using USB flash drives, make sure the USB flash drives that contain the key are inserted into the system that contains the array. If using key servers, make sure the key servers that contain the key are connected to the system that contains the array.

You can use either the management GUI or the command-line interface to create an encrypted array.

Using the management GUI

To create an encrypted array, complete the following steps:
  1. Select Pools > MDisks by Pools
  2. On MDisks by Pools page, select Pools > Actions > Add Storage
  3. To add the storage, follow the instructions given in Assign storage
  4. Select Add Storage

Using the command-line interface (CLI)

To create an encrypted array, complete the following steps in the command line interface:
  1. Enter one of the following commands:
    1. To configure an encrypted non-distributed array, enter the mkarray command:
      mkarray -level raid_level -drive drive_id_list -encrypt yes mdiskgrp_id
      where:
      raid_level
      Specifies the RAID level for the array, such as raid6.
      drive_id_list
      Indicates the drives within the array.
      mdiskgrp_id
      Identifies the storage pool that uses the array.
    2. To configure an encrypted distributed array, enter the mkdistributedarray command:
      mkdistributedarray -level raid_level -driveclass driveclass_id -encrypt yes mdiskgrp_id
      where:
      raid_level
      Specifies the RAID level for the array, either raid1 or raid6.
      driveclass_id
      Indicates the class that is used to create the array.
      mdiskgrp_id
      Identifies the storage pool that uses the array.
  2. Verify that the array is encrypted by entering the following command:
    lsarray

    Ensure that the status of the array displays encrypted.

Attention:
  • It is important to have at least three copies of the USB flash drives as a safeguard of the encryption key. Make extra copies of the encryption key on other forms of storage as well. There is no point in storing it to the same system since it is locked when the encryption key is needed.
  • Loss of all copies of the encryption key results in loss of all data in the storage enclosure. The encryption key is required to unlock a storage enclosure that has protection (encryption) enabled. The key should be stored at least as resiliently as the data.