Disk encryption

Disk encryption allows you to encrypt data that is stored in basic disk pools and independent disk pools.

Disk encryption protects data from a number of different threats:

Protects data transmission to and from the disk drive (important in a SAN environment).
Protects data transmission in the cross site mirroring environment (only when the data being mirrored is on an encrypted independent disk pool).
Protects data in the case of theft of the disk drive.

To use disk encryption, you must have 5770-SS1 Option 45 - Encrypted ASP Enablement installed. The option to enable encryption is available when you create a disk pool or independent disk pool.

If disk encryption is used in a clustering environment, you must set the master key manually on each system within the device domain. Independent disk pools must be created using IBM® Navigator for i. The character-based interface cannot be used.

Disk encryption can be used to encrypt existing disk pools or independent disk pools. Starting disk encryption on an existing disk pool might take an extended amount of time to encrypt the data in the disk pool, potentially affecting system performance.

To start disk encryption on a disk pool using your IBM Navigator for i, follow these steps:

Select Configuration and Service from your IBM Navigator for i.
Select Disk Pools.
Right-click the disk pool that you want to start encryption on and select Start Encryption.
Follow the instructions on the dialog box that is displayed.

Disk encryption can be turned off on an encrypted disk pool. Turning off disk encryption takes an extended amount of time to decrypt all the data in the disk pool, potentially affecting system performance.

To stop encryption on a disk pool using your IBM Navigator for i, follow these steps:

Select Configuration and Service from your IBM Navigator for i.
Select Disk Pools.
Right-click the disk pool that you want to stop encryption on and select Stop Encryption.
Follow the instructions on the dialog box that is displayed.