Licensing encryption
Before you can configure encryption on the system, you must have the encryption license. If you intend to use encryption of data-in-flight to secure IP connections between partnered systems, you also require an encryption license.
On current-generation systems running IBM Storage Virtualize 9.1.2 or later, the encryption license is installed at manufacturing and no additional installation steps are required.
On older-generation systems, the encryption license must be installed and activated by using the procedures described in this document before encryption can be configured. If you have not already purchased a license, contact a customer representative.
Before you begin
To obtain license keys, you need the machine type and model (MTM), serial number (S/N), and machine signature to manually activate the keys.
- In the management GUI, select .
- Select the expand icon to open the System Hardware - Enclosure Details page.
- On the System Hardware - Enclosure Details page, select . The machine type and model (MTM), serial number (S/N), and machine signature is displayed on the Properties page.
You can also use the lsenclosure command to display machine type and model (MTM), serial number (S/N), and machine signature for the control enclosures. To view the MTM, S/N, and machine signature, enter the following commands.lsenclosure 1 where 1 is the identifier of the enclosure. For more information, see lsenclosure.
Using the management GUI
Within the management GUI, you can activate an encryption license on the system by two ways. During system setup, you are prompted to either manually or automatically activate the license on the system. Automatic activation requires that the notebook that is being used to activate the license is connected to an external network.
If you purchased a license after system setup is completed, go to and click to expand Encryption Licenses. These instructions assume that system setup is completed.
- In the management GUI, select .
- Click to expand Encryption Licenses and select the control enclosure on which to activate the license. You can select manual activation of encryption.
- To activate encryption manually, complete these steps:
- Select the control enclosures on which the encryption will be activated, and select .
- On the Activate License Manually page, you must retrieve the license keys by completing the form at https://www.ibm.com/servers/eserver/ess/landing/index.html . To complete the form by selecting your product and entering machine type and model, serial number, machine signature, and authorization code that was sent in your license agreement. Copy or download the keys.
- Click Activate.
Using the command-line interface
You can use the CLI command to either activate the key directly or provide a path to the file where the key resides. As with activation through the management GUI, you need to use the authorization code that you received with your purchase agreement to obtain the key. If you purchased a license after system setup is completed, use the Licensed Functions option to activate the license. You can also use either of the following commands to activate an encryption license on the system:
- To activate the license by using the key directly, enter the activatefeature -licensekey command, where key is the license key to activate a feature. The key consists of 16 hexadecimal characters that are organized in four groups of four characters with each group separated by a hyphen (such as 0123-4567-89AB-CDEF).
- To activate the license with a file path that stores the key, complete these steps:
- Use the Secure Copy (SCP) or SSH File Transfer Protocol (SFTP) to copy the license key file (2076_XXXXXXX.xml) to the /tmp directory.
- Using the command-line interface, enter the activatefeature -licensekeyfile filepath, where filepath is full path-to-file that contains all required license information (such as /tmp/keyfile.xml).
For more information, see Licensing and featurization commands.