Activating encryption license

Edit online

To use encryption on the system, you must purchase an encryption license, upload certificates, activate the license on the system, set up your method of key management, and create copies of the keys. If you have not purchased a license, contact a customer representative to purchase an encryption license.

Prerequisites

For systems that support more than one control enclosure, a licensed key for the encryption function must be added to all the control enclosures in the system. To obtain license keys, you need the machine type and model (MTM), serial number (S/N), and machine signature to manually activate the keys. Before you can obtain MTM, S/N, and machine signature, ensure that the control enclosure has been added to the system. These values are required if you are activating keys manually on the system.

Complete the following steps to find machine type and model (MTM), serial number (S/N), and machine signature:
  1. In the management GUI, select Monitoring > System Hardware. The system automatically detects if there is a second control enclosure candidate available. Click Add Enclosure and complete the wizard to add the second control enclosure to the system.
  2. After the second control enclosure is added to the system, both control enclosures display. For each control enclosure, select the expand icon to open the System Hardware - Enclosure Details page.
  3. On the System Hardware - Enclosure Details page, select Enclosure Actions > Properties. The machine type and model (MTM), serial number (S/N), and machine signature display on the Properties page. Complete this for both control enclosures.
You can also use the lsenclosure command to display machine type and model (MTM), serial number (S/N), and machine signature for the control enclosures. To view the MTM, S/N, and machine signature, enter the following commands:
Control enclosure 1
lsenclosure 1
where 1 is the identifier of the enclosure.
Control enclosure 2
lsenclosure 2
where 2 is the identifier of the enclosure.

Using the management GUI

Within the management GUI, there are two ways to activate an encryption license on the system. During system setup, you are prompted to manually activate the license on the system. Automatic activation requires that the notebook that is being used to activate the license is connected to an external network. If you want to add more licenses after system setup is completed, you can use the Licensed Functions page to activate the keys.

To activate a license key manually, complete these steps:
  1. Right-click the function and select Actions > Activate License Manually.
  2. On the Activate License Manually page, you must retrieve license keys by completing these steps:
    1. Go to https://www.ibm.com/servers/eserver/ess/landing/index.html .
    2. On the ESS website, select your product type and enter the following information:
      • Machine type and model
      • Serial number
      • Machine signature
    3. Enter the authorization code.
    4. Copy or download the keys.
  3. Click Activate.

Using the CLI

Before you activate your license, ensure that you download the license key from ESS website:
  1. Go to https://www.ibm.com/servers/eserver/ess/landing/index.html .
  2. On the ESS website, select your product type and enter the following information:
    • Machine type and model
    • Serial number
    • Machine signature
  3. Enter the authorization code.
  4. Copy or download the keys.
You can use the following commands to either activate the key directly or provide a path to the file where the key resides. As with activation through the management GUI, you need to use the authorization code that you received with your purchase agreement to obtain the key. If you purchased a license after system setup is completed, use the Licensed Functions option to activate the license. You can also use either of the following commands to activate an encryption license on the system:
  1. To activate the license by using the key directly, enter the activatefeature -licensekey key command in the command-line interface, where key is the license key to activate a feature. The key consists of 16 hexadecimal characters that are organized in four groups of four characters with each group separated by a hyphen (such as 0123-4567-89AB-CDEF).
  2. To activate the license with a file path that stores the key, complete these steps:
    1. Use scp to copy the license key file (2076_XXXXXXX.xml) to the /tmp directory.
    2. Using the command-line interface, enter the activatefeature -licensekeyfile filepath, where filepath is full path-to-file that contains all required license information (such as /tmp/keyfile.xml).