Disk encryption

Disk encryption allows you to encrypt data that is stored in basic disk pools and independent disk pools.

Disk encryption protects data from a number of different threats:

  • Protects data transmission to and from the disk drive (important in a SAN environment).
  • Protects data transmission in the cross site mirroring environment (only when the data being mirrored is on an encrypted independent disk pool).
  • Protects data in the case of theft of the disk drive.

To use disk encryption, you must have 5770-SS1 Option 45 - Encrypted ASP Enablement installed. The option to enable encryption is available when you create a disk pool or independent disk pool.

If disk encryption is used in a clustering environment, you must set the master key manually on each system within the device domain. Independent disk pools must be created using the Configure Device ASP (CFGDEVASP) command.

Disk encryption can be used to encrypt existing disk pools or independent disk pools. Starting disk encryption on an existing disk pool might take an extended amount of time to encrypt the data in the disk pool, potentially affecting system performance.

To start disk encryption on a disk pool, follow these steps:

  1. Start System Service Tools (STRSST), and specify the user name and password.
  2. On the System Service Tools (SST) display, select Work with disk units.
  3. On the Work with Disk Units display, select Work with disk configuration.
  4. On the Work with Disk Configuration display, select Work with encryption.
  5. On the Work with Encryption display, select Start encryption on ASPs.
  6. On the Start Encryption on ASPs display, select the ASPs.
  7. Press Enter to confirm the selection.

Disk encryption can be turned off on an encrypted disk pool. Turning off disk encryption takes an extended amount of time to decrypt all the data in the disk pool, potentially affecting system performance.

To stop encryption on a disk pool, follow these steps:

  1. Start System Service Tools (STRSST), and specify the user name and password.
  2. On the System Service Tools (SST) display, select Work with disk units.
  3. On the Work with Disk Units display, select Work with disk configuration.
  4. On the Work with Disk Configuration display, select Work with encryption.
  5. On the Work with Encryption display, select Stop encryption on ASPs.
  6. On the Stop Encryption on ASPs display, select the ASPs.
  7. Press Enter to confirm the selection.