Disk Encryption User Guide

OceanStor Dorado V3 Series V300R001

This document is applicable to OceanStor Dorado5000 V3, Dorado6000 V3 and Dorado18000 V3. This document introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.

Managing a Key

This section describes how to manage disk encryption keys, including creating, updating, and destroying keys.

Updating a Key

The key validity period is one year. Before the key expires, manually update the key of an encrypted disk domain to ensure key security.

Prerequisites
  • This operation can be performed only by the super administrator and security administrator.
  • A self-encrypting disk domain has been created on the storage system and the applicable key has been generated on the key management server.
  • The key management server configuration has been backed up to the NFS server.
Procedure
  1. Log in to DeviceManager.
  2. Choose Provisioning > Disk Domain.
  3. Select the self-encrypting disk domain whose key you want to update, and then click Rekey.

    The Warning dialog box is displayed.

  4. Carefully read the content in the dialog box, select I have read and understand the consequences associated with performing this operation, and click OK.

    The Success dialog box is displayed.

  5. Click OK.
  6. On the key management server, check whether the key has been updated.

    1. Log in to the key management server web interface as a group manager.
    2. Click the Keys tab.

      Figure 3-83 shows the Keys tab page.

      Figure 3-83 Updating a key
    3. Set the filter as needed. In the result list, check whether the key has been updated based on the serial numbers of the disks in the disk domain.
      NOTE:

      Click the key in the list. Then on the KMIP Object Details page, check whether the value of Unique Identifier has changed. If it has changed, the key has been updated.

Destroying a Key

When data on a self-encrypting disk is no longer useful, you can destroy the encryption key and the disk data to reclaim disk space.

Prerequisites
  • A self-encrypting disk domain has been created on the storage system and the applicable key has been generated on the key management server.
  • Do not delete the self-encrypting disk key generated on the key management server.
  • The key management server configuration has been backed up to the NFS server.
Procedure
  1. Log in to DeviceManager.
  2. Choose Provisioning > Disk Domain.
  3. Select the self-encrypting disk domain whose key you want to delete, and then click Delete.

    The Delete Disk Domain dialog box is displayed.

  4. Carefully read the content in the dialog box, select Data Erase and I have read and understand the consequences associated, and click OK.

    The Success dialog box is displayed.

  5. Click OK.
  6. On the key management server, check whether the encryption key has been destroyed.

    1. Log in to the key management server web interface as a group manager.
    2. Click the Keys tab.

      Figure 3-84 shows the Keys tab page.

      Figure 3-84 Destroying a key

    3. Set the filter as needed. In the result list, check whether the key is in the Destroyed state based on the serial numbers of the disks in the disk domain.

Querying the Key Status

You can determine the disk encryption status by viewing the key status.

Procedure
  1. Log in to the key management server web interface as a group manager.
  2. Click the Keys tab.

    A page is displayed, as shown in Figure 3-85.

    Figure 3-85 Querying the key status

  3. Query the key status.

    • If the key status is Active, the self-encrypting disk is encrypted.
    • If the key status is Destroyed, the key has been destroyed, and the self-encrypting disk is not encrypted.
    • If the key status is Pre-Active, the key is not activated.
    • If the key status is DeActive, the key has expired.
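
The checks from Updating a Key (step 6) and Querying the Key Status can be run over a key list transcribed from the Keys tab before and after a Rekey. The Python code below is an added example, not part of the Huawei guide; the record layout (uid, state, activated), the audit function, the 30-day warning window and the sample data are assumptions, and the one-year validity period is taken as 365 days.

```python
from datetime import date, timedelta

VALIDITY = timedelta(days=365)  # one-year validity period, taken as 365 days

# Meaning of each key state, as listed under "Querying the Key Status".
STATE_MEANING = {
    "Active": "disk is encrypted",
    "Destroyed": "key destroyed, disk is not encrypted",
    "Pre-Active": "key is not activated",
    "DeActive": "key has expired",
}

def audit(before, after, today, warn_days=30):
    """Compare key lists (serial -> record, assumed layout) taken before and
    after a Rekey; return {serial: [findings]} for disks needing attention."""
    findings = {}
    for serial, new in after.items():
        notes = []
        state = new["state"]
        if state != "Active":
            notes.append(f"{state}: {STATE_MEANING.get(state, 'unknown state')}")
        # Rekey check from the guide: the Unique Identifier must have changed.
        old = before.get(serial)
        if old is not None and old["uid"] == new["uid"]:
            notes.append("Unique Identifier unchanged: key was not updated")
        # Flag Active keys that are close to, or past, the validity limit.
        if state == "Active":
            days_left = (new["activated"] + VALIDITY - today).days
            if days_left <= warn_days:
                notes.append(f"{days_left} days of validity left: rekey needed")
        if notes:
            findings[serial] = notes
    # A disk seen before but missing afterwards has no key record to check.
    for serial in before.keys() - after.keys():
        findings[serial] = ["no key record found after the operation"]
    return findings

# Constructed sample data: serial numbers and identifiers are made up.
BEFORE = {
    "SN0001": {"uid": "uid-a1", "state": "Active", "activated": date(2018, 1, 10)},
    "SN0002": {"uid": "uid-b1", "state": "Active", "activated": date(2018, 1, 10)},
    "SN0003": {"uid": "uid-c1", "state": "Active", "activated": date(2018, 1, 10)},
}
AFTER = {
    "SN0001": {"uid": "uid-a2", "state": "Active", "activated": date(2018, 12, 20)},
    "SN0002": {"uid": "uid-b1", "state": "Active", "activated": date(2018, 1, 10)},
    "SN0003": {"uid": "uid-c2", "state": "Pre-Active", "activated": None},
}
REPORT = audit(BEFORE, AFTER, today=date(2018, 12, 20))
```

In the constructed data, SN0001 passes, SN0002 is reported because its Unique Identifier did not change and its key is near the end of the validity period, and SN0003 is reported because its new key is still Pre-Active.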

Updated: 2018-11-01

Document ID: EDOC1000159246
