Disk Encryption User Guide

OceanStor Dorado V3 Series V300R001

This document is applicable to OceanStor Dorado5000 V3, Dorado6000 V3 and Dorado18000 V3. This document introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.
Managing a Key


This section describes how to manage disk encryption keys, including updating keys, destroying keys, and querying the key status.

Updating a Key

The key validity period is one year. Before the key expires, manually update the key of an encrypted disk domain to ensure key security.

Prerequisites
  • This operation can be performed only by the super administrator and security administrator.
  • An encrypting disk domain has been created on the storage system and the applicable key has been generated on the key management server.
  • The key management server configuration has been backed up to the NFS server.
Procedure
  1. Log in to DeviceManager.
  2. Choose Provisioning > Disk Domain.
  3. Select the self-encrypting disk domain whose key you want to update, and then click Rekey.

    The Warning dialog box is displayed.

  4. Read the content of the dialog box carefully and select I have read and understand the consequences associated with performing this operation. Then click OK.

    The Success dialog box is displayed.

  5. Click OK.
  6. Check on the key management server that the key has been updated.

    1. Log in to the key management server web interface as an administrator.
    2. Choose Security > Keys, as shown in Figure 4-54.
      Figure 4-54 Updating a key
    3. In the key list, use the SN of the self-encrypting disk in the disk domain to check whether the key is updated.
      NOTE:

      Click the key in the list. Then on the Key Properties page, check whether the value of Unique ID has changed. If it has changed, the key has been updated.
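
The following added example (not part of the original guide and not Huawei code) shows one way to track the one-year validity period and to confirm a Rekey by comparing Unique ID values recorded before and after the operation. The inventory layout, field names, sample values, the 365-day interpretation of "one year", and counting validity from an activation date are all assumptions made for illustration.

```python
from datetime import date, timedelta

VALIDITY = timedelta(days=365)  # assumption: "one year" counted as 365 days

# Constructed key inventories keyed by disk SN, recorded by hand from the
# Key Properties page before and after a Rekey. Not a real export format.
BEFORE = {
    "SN-0001": {"unique_id": "uid-a1", "state": "Active", "activated": date(2023, 3, 1)},
    "SN-0002": {"unique_id": "uid-b1", "state": "Active", "activated": date(2023, 9, 15)},
    "SN-0003": {"unique_id": "uid-c1", "state": "Pre-Active", "activated": None},
}
AFTER = {
    "SN-0001": {"unique_id": "uid-a2", "state": "Active", "activated": date(2024, 2, 10)},
    "SN-0002": {"unique_id": "uid-b1", "state": "Active", "activated": date(2023, 9, 15)},
    "SN-0003": {"unique_id": "uid-c1", "state": "Pre-Active", "activated": None},
}


def rekey_due(inventory, today, warn_days=30):
    """Return {sn: days_left} for Active keys inside the warning window."""
    due = {}
    for sn, key in inventory.items():
        if key["state"] != "Active" or key["activated"] is None:
            continue  # Pre-Active keys have not taken effect yet
        days_left = (key["activated"] + VALIDITY - today).days
        if days_left <= warn_days:
            due[sn] = days_left  # negative: validity period already passed
    return due


def rekey_verified(before, after, disk_sns):
    """Return {sn: bool}; True only when the Unique ID changed for that SN."""
    result = {}
    for sn in disk_sns:
        old, new = before.get(sn), after.get(sn)
        # A disk missing from either snapshot cannot be confirmed as rekeyed.
        result[sn] = (old is not None and new is not None
                      and old["unique_id"] != new["unique_id"])
    return result


if __name__ == "__main__":
    print("Rekey due:", rekey_due(BEFORE, date(2024, 2, 10)))
    print("Rekey verified:", rekey_verified(BEFORE, AFTER, ["SN-0001", "SN-0002"]))
```

Every SN in the rekeyed disk domain should report True; a False entry means the Unique ID for that disk did not change and the key list should be checked again.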

Destroying a Key

When data on a self-encrypting disk is no longer useful, you can destroy the encryption key and the disk data to reclaim disk space.

Prerequisites
  • An encrypting disk domain has been created on the storage system and the applicable key has been generated on the key management server.
  • Do not delete the self-encrypting disk key generated on the key management server.
  • The key management server configuration has been backed up to the NFS server.
Procedure
  1. Log in to DeviceManager.
  2. Choose Provisioning > Disk Domain.
  3. Select the self-encrypting disk domain whose key you want to delete, and then click Delete.

    The Delete disk domain dialog box is displayed.

  4. Read the content of the dialog box carefully and select Data Erase and I have read and understand the consequences associated with performing this operation. Then click OK.

    The Success dialog box is displayed.

  5. Click OK.
  6. Check the key status on the key management server.

    1. Log in to the key management server web interface as an administrator.
    2. Choose Security > Keys, as shown in Figure 4-55.
      Figure 4-55 Destroying a key

    3. In the key list, use the SN of the self-encrypting disk in the disk domain to check whether the key is Deactivated.

Querying the key status

View the key status to determine the disk encryption status.

Procedure
  1. Log in to the key management server web interface as an administrator.
  2. Choose Security > Keys, as shown in Figure 4-56.

    Figure 4-56 Querying the key status

  3. Query the key status:

    • If the key is in the Active status, the self-encrypting disk is encrypted.
    • If the key is in the Pre-Active status, the key has not taken effect.
    • If the key is in the DeActive status, the key has expired.

Updated: 2018-11-01

Document ID: EDOC1000159246
