Encryption with internal key management

Internal key management uses the internal boot drive to manage the main encryption key for the system.

The internal key management method gives you an efficient way to configure and manage encryption without external methods such as USB flash drives and key servers, and it avoids the overhead of maintaining those external methods.

The internal key management method simplifies encryption configuration by providing a one-step interface to manage encryption. It performs a rekey (regeneration of the main encryption key) every 24 hours internally, without requiring any user intervention. This helps the system adhere to organizational security policies that require the encryption key to be regenerated at regular intervals.

The internal key management method stores the main encryption key in encrypted form on the internal boot drive of every node of the system. Each node uses its onboard Trusted Platform Module (TPM) chip to encrypt the main encryption key before it is written to that node's boot drive. The system ensures that the key is securely distributed to all nodes of the system during the enable process, the rekey process, and the recovery process.
Note: It is recommended to configure the encryption recovery key together with the internal key management method, so that the main encryption key can be recovered if the copies on the node boot drives cannot be used.
If you configured encryption by using external methods such as USB flash drives or key servers, you can switch to the internal key management method without affecting the encrypted objects that are configured on your system. For more information, see Switching to internal key management method.
Note: Configuring both internal key management and external methods at the same time is not recommended.
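The following example is an added illustration of the key hierarchy that the rekey and boot-drive descriptions above imply; it is not the product's own code and does not reflect the product's real key format. It assumes a three-level hierarchy (per-node TPM secret, main encryption key, per-object data keys), uses an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag as a stand-in for a real key-wrap cipher, and models the 24-hour schedule with a simple due-time check. The names `TpmStandIn`, `Node`, `EncryptionSystem`, `REKEY_INTERVAL` and the sample object `vol0` are all invented for the example.

```python
"""Illustrative model of internal key management (example code, not the product's).

Hierarchy assumed here: each node's TPM stand-in seals the main encryption key
onto that node's boot drive; the main key wraps per-object data keys; a rekey
rotates the main key and re-wraps the data keys, so encrypted objects are untouched.
"""
import hashlib
import hmac
import os
from datetime import datetime, timedelta

REKEY_INTERVAL = timedelta(hours=24)  # rekey cadence stated on the page


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (stand-in for AES)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(kek: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC of `plaintext` under keys derived from `kek`: nonce || ct || tag."""
    enc_key = hmac.new(kek, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong KEK or tampered blob raises ValueError."""
    enc_key = hmac.new(kek, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class TpmStandIn:
    """Per-node sealing secret that never leaves the node (models the onboard TPM)."""

    def __init__(self) -> None:
        self._secret = os.urandom(32)

    def seal(self, data: bytes) -> bytes:
        return wrap(self._secret, data)

    def unseal(self, blob: bytes) -> bytes:
        return unwrap(self._secret, blob)


class Node:
    def __init__(self, name: str) -> None:
        self.name = name
        self.tpm = TpmStandIn()
        self.boot_drive: dict = {}  # holds only the TPM-sealed main key

    def load_main_key(self) -> bytes:
        return self.tpm.unseal(self.boot_drive["main_key"])


class EncryptionSystem:
    def __init__(self, nodes: list) -> None:
        self.nodes = nodes
        self.main_key = b""
        self.wrapped_data_keys: dict = {}  # object name -> data key wrapped under main key
        self.last_rekey = datetime.min

    def _distribute(self, now: datetime) -> None:
        """Enable, rekey and recovery all end by sealing the main key onto every node."""
        for node in self.nodes:
            node.boot_drive["main_key"] = node.tpm.seal(self.main_key)
        self.last_rekey = now

    def enable(self, now: datetime) -> None:
        self.main_key = os.urandom(32)
        self._distribute(now)

    def new_object(self, name: str) -> bytes:
        dek = os.urandom(32)
        self.wrapped_data_keys[name] = wrap(self.main_key, dek)
        return dek

    def data_key(self, name: str, node: Node) -> bytes:
        return unwrap(node.load_main_key(), self.wrapped_data_keys[name])

    def rekey_due(self, now: datetime) -> bool:
        return now - self.last_rekey >= REKEY_INTERVAL

    def rekey(self, now: datetime) -> None:
        """Rotate the main key and re-wrap data keys; object data is never re-encrypted."""
        new_main = os.urandom(32)
        for name, blob in list(self.wrapped_data_keys.items()):
            self.wrapped_data_keys[name] = wrap(new_main, unwrap(self.main_key, blob))
        self.main_key = new_main
        self._distribute(now)


def cross_node_unseal_fails(src: Node, dst: Node) -> bool:
    """A boot drive copied from `src` to `dst` cannot be unsealed by `dst`'s TPM."""
    try:
        dst.tpm.unseal(src.boot_drive["main_key"])
        return False
    except ValueError:
        return True
```

The check in `cross_node_unseal_fails` is the property worth confirming in any such design: the sealed copy on a boot drive is only useful to the node whose TPM sealed it, so that the boot drive alone does not expose the main key. The rekey keeps each object's data key stable and only re-wraps it, which is what lets the key rotate every 24 hours without re-encrypting stored data.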