Licensing encryption

Before you can configure encryption on the system, you must purchase and activate encryption licenses. If you intend to use encryption of data-in-flight to secure IP connections between partnered systems, you also require an encryption license. If you have not already purchased a license, contact a customer representative.

Before you begin

For systems that support more than one control enclosure, a licensed key for the encryption function must be added to all the control enclosures in the system. To obtain license keys, you need the machine type and model (MTM), serial number (S/N), and machine signature to manually activate the keys. Before you can obtain MTM, S/N, and machine signature, ensure that the control enclosure is added to the system. These values are required if you are activating keys manually on the system.

Complete the following steps to find machine type and model (MTM), serial number (S/N), and machine signature:
  1. In the management GUI, select Monitoring > System Hardware. The system automatically detects whether a second control enclosure candidate available.

    Click Add Enclosure and complete the wizard to add the second control enclosure to the system.

  2. After the second control enclosure is added to the system, both control enclosures display. For each control enclosure, select the expand icon to open the System Hardware - Enclosure Details page.
  3. On the System Hardware - Enclosure Details page, select Enclosure Actions > Properties. The machine type and model (MTM), serial number (S/N), and machine signature is displayed on the Properties page. Complete this step for both control enclosures.

You can also use the lsenclosure command to display machine type and model (MTM), serial number (S/N), and machine signature for the control enclosures. To view the MTM, S/N, and machine signature, enter the following commands.lsenclosure 1 where 1 is the identifier of the enclosure. For more information, see lsenclosure.

Using the management GUI

Within the management GUI, you can activate an encryption license on the system by two ways. During system setup, you are prompted to either manually or automatically activate the license on the system. Automatic activation requires that the notebook that is being used to activate the license is connected to an external network.

If you purchased a license after system setup is completed, go to Settings > Systems > Licensed Functions and click to expand Encryption Licenses. These instructions assume that system setup is completed.

If you completed system setup and want to activate an encryption license, complete these steps:
  1. In the management GUI, select Settings > Systems > Licensed Functions.
  2. Click to expand Encryption Licenses and select the control enclosure on which to activate the license. You can select manual activation of encryption.
  3. To activate encryption manually, complete these steps:
    1. Select the control enclosures on which the encryption will be activated, and select Actions > Activate License Manually.
    2. On the Activate License Manually page, you must retrieve the license keys by completing the form at https://www.ibm.com/servers/eserver/ess/landing/index.html . To complete the form by selecting your product and entering machine type and model, serial number, machine signature, and authorization code that was sent in your license agreement. Copy or download the keys.
    3. Click Activate.

Using the command-line interface

You can use the CLI command to either activate the key directly or provide a path to the file where the key resides. As with activation through the management GUI, you need to use the authorization code that you received with your purchase agreement to obtain the key. If you purchased a license after system setup is completed, use the Licensed Functions option to activate the license. You can also use either of the following commands to activate an encryption license on the system:

  1. To activate the license by using the key directly, enter the activatefeature -licensekey command, where key is the license key to activate a feature. The key consists of 16 hexadecimal characters that are organized in four groups of four characters with each group separated by a hyphen (such as 0123-4567-89AB-CDEF).
  2. To activate the license with a file path that stores the key, complete these steps:
    1. Use the Secure Copy (SCP) or SSH File Transfer Protocol (SFTP) to copy the license key file (2076_XXXXXXX.xml) to the /tmp directory.
    2. Using the command-line interface, enter the activatefeature -licensekeyfile filepath, where filepath is full path-to-file that contains all required license information (such as /tmp/keyfile.xml).

    For more information, see Licensing and featurization commands.