Internal key
management uses the internal boot drive to manage the main encryption key for the
system.
The internal key management method gives users an efficient way to configure and manage
encryption without needing external methods such as USB flash drives or key servers. It
avoids the additional overhead of maintaining those external methods.
The internal key management method simplifies the encryption configuration by
providing a one-step interface to manage the encryption. This method performs the rekey (that is,
the regeneration of the key) every 24 hours internally, without requiring any user
intervention. This helps in adhering to organizational security policies that require regenerating
the encryption key at regular intervals.
The internal key management method stores the main encryption key in an encrypted
form on the internal boot drive of every node of the system. This method uses the onboard Trusted
Platform Module (TPM) chip to encrypt the main encryption key. The system helps ensure that the key
is securely distributed across all the nodes of the system during the enable, rekey,
and recovery processes.
Note: It is recommended to configure the encryption recovery key along with the
internal key management method.
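The following is an added, simplified model of the key hierarchy described above; it is not the product's own code and does not reproduce its internal formats. It assumes a hypothetical per-node TPM whose key-encrypting key (KEK) never leaves the chip, a toy HMAC-SHA256 key-wrap primitive used in place of a real AES key wrap so that the example runs with the standard library only, and an assumed envelope layout in which the main (master) key wraps per-object keys. It shows why the boot drive never holds the raw master key, how the wrapped key is distributed to every node, and why a 24-hour rekey regenerates the master key without touching the encrypted objects.

```python
"""Illustrative model (added example) of a TPM-wrapped master key with a
periodic internal rekey. The TPM, the wrap primitive and the envelope
layout are assumptions for illustration, not the product's implementation."""
import hashlib
import hmac
import secrets

REKEY_INTERVAL_S = 24 * 60 * 60   # page: internal rekey every 24 hours


def _keystream(kek: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; stand-in for a real block cipher
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(kek, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def wrap_key(kek: bytes, key: bytes) -> bytes:
    """Toy key wrap (assumed stand-in for AES key wrap): keystream XOR, then an
    HMAC tag over nonce||ciphertext (encrypt-then-MAC). Output: nonce|ct|tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, nonce, len(key))))
    tag = hmac.new(kek, b"wrap-tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"wrap-tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key failed integrity check (wrong KEK or tampered blob)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))


def unwrap_ok(kek: bytes, blob: bytes) -> bool:
    """True if the blob unwraps cleanly under this KEK (used to show that a
    blob copied from another node's boot drive is useless without its TPM)."""
    try:
        unwrap_key(kek, blob)
        return True
    except ValueError:
        return False


class Node:
    """One node: a simulated TPM whose KEK never leaves the object, and a
    'boot drive' dict that only ever holds the master key in wrapped form."""
    def __init__(self, name: str) -> None:
        self.name = name
        self._tpm_kek = secrets.token_bytes(32)   # assumed to stay inside the TPM
        self.boot_drive: dict = {}                # what is at rest on disk

    def store_master_key(self, master: bytes) -> None:
        self.boot_drive["master_key_wrapped"] = wrap_key(self._tpm_kek, master)

    def load_master_key(self) -> bytes:
        return unwrap_key(self._tpm_kek, self.boot_drive["master_key_wrapped"])

    def tpm_kek_for_test(self) -> bytes:
        return self._tpm_kek


class System:
    """Cluster of nodes sharing one master key, each node holding its own
    TPM-wrapped copy; object keys are wrapped by the master key (assumed layout)."""
    def __init__(self, node_names, now: float) -> None:
        self.nodes = [Node(n) for n in node_names]
        self.object_keys_wrapped: dict = {}
        self.last_rekey = now
        self._distribute(secrets.token_bytes(32))   # enable: generate and distribute

    def _distribute(self, master: bytes) -> None:
        for node in self.nodes:           # every node gets the key wrapped by its own TPM
            node.store_master_key(master)

    def master_key(self) -> bytes:
        return self.nodes[0].load_master_key()

    def add_object(self, obj_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self.object_keys_wrapped[obj_id] = wrap_key(self.master_key(), key)
        return key

    def object_key(self, obj_id: str) -> bytes:
        return unwrap_key(self.master_key(), self.object_keys_wrapped[obj_id])

    def rekey_due(self, now: float) -> bool:
        return now - self.last_rekey >= REKEY_INTERVAL_S

    def rekey(self, now: float) -> None:
        """Regenerate the master key and re-wrap every object key under it.
        The object keys themselves (and so the data) are unchanged."""
        old, new = self.master_key(), secrets.token_bytes(32)
        self.object_keys_wrapped = {
            oid: wrap_key(new, unwrap_key(old, blob))
            for oid, blob in self.object_keys_wrapped.items()
        }
        self._distribute(new)
        self.last_rekey = now
```

The design point to take from the model is the separation of layers: the TPM-held KEK protects the master key at rest on each boot drive, the master key protects the object keys, and the object keys protect the data. A scheduled rekey therefore costs only a handful of small key re-wraps and a redistribution to each node, which is why it can run unattended every 24 hours.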
If you have configured encryption by using external methods such as USB flash
drives or key servers, you can switch to the internal key management method without affecting
the encrypted objects configured on your system. For more information, see
Switching to internal key management method.
Note: It is not recommended to
configure both internal key management and external methods.