Configuring encryption

To use encryption on the system, you must purchase an encryption license, activate the license on the system, enable encryption, and create copies of the keys. If you have not purchased a license, contact a customer representative to purchase an encryption license.To use encryption on the system, an encryption license is required for each enclosure that supports encryption. Only certain models support encryption.

The system supports optional encryption of data at rest. This support protects against the potential exposure of sensitive user data and user metadata that is stored on discarded, lost, or stolen storage devices. If you add a new control enclosure to a system that has encryption already enabled, the control enclosure must also be licensed.

Within the management GUI, there are two ways to activate an encryption license on the system. During system setup, you are prompted to either manually or automatically activate the license on the system. Automatic activation requires that the notebook that is being used to activate the license is connected to an external network. If you purchased a license after system setup is completed, go to Settings > Systems > Licensed Functions and select Encryption Licenses.

If you are running system setup, you can activate encryption license automatically or manually. To complete automatic activation in the system set up wizard complete the following steps:
Note: Automatic activation requires that the notebook that is being used to activate the license is connected to an external network.
  1. On the Encryption page, select Yes to indicate an encryption license has been purchased. The encryption feature requires that you have purchased a license before activation. If you have not purchased a license and want to encrypt data that is stored on your drives, contact a customer representative to learn how to purchase an encryption license.
  2. Select the control enclosures on which encryption will be activated, and select Actions > Activate License Automatically.
  3. Enter the authorization code that is sent with the licensed function authorization documents that you receive after purchasing the license. These documents contain the authorization codes that are required to obtain keys for each licensed function that you purchased for your system. Click Activate.
To manually activate encryption licenses in the system setup wizard, complete these steps:
  1. On the Encryption page, select Yes to indicate an encryption license has been purchased. The encryption feature requires that you have purchased a license before activation. If you have not purchased a license and want to encrypt data that is stored on your drives, contact a customer representative to learn how to purchase an encryption license.
  2. Select the control enclosures on which encryption will be activated, and select Actions > Activate License Manually.
  3. On the Activate License Manually page, you must retrieve license keys by completing these steps:
    1. Go to https://www.ibm.com/storage/dsfa.
    2. Select your product type.
    3. Enter the following information:
      • Machine type and model
      • Serial number
      • Machine signature
    4. Enter the authorization codes that were sent with your purchase agreement for the licensed function.
    5. Copy or download the keys.
  4. Enter the license keys in the space provided.
  5. Click Activate.
If you completed system setup and want to activate an encryption license, complete these steps:
  1. In the management GUI, select Settings > System > Licensed Functions.
  2. Expand Encryption Licenses and select the control enclosure on which to activate the license. You can choose automatic or manual activation of encryption.
  3. To activate encryption automatically, complete these steps:
    1. Select Actions > Activate License Automatically.
    2. Enter the authorization code that is sent with the licensed function authorization documents that you receive after purchasing the license. These documents contain the authorization codes that are required to obtain keys for each licensed function that you purchased for your system. Click Activate.
  4. To activate encryption manually, complete these steps:
    1. Select the control enclosures on which encryption will be activated, and select Actions > Activate License Manually.
    2. On the Activate License Manually page, you must retrieve license keys by completing these steps:
      1. Go to https://www.ibm.com/storage/dsfa.
      2. Select your product type.
      3. Enter the following information:
        • Machine type and model
        • Serial number
        • Machine signature
      4. Enter the authorization codes that were sent with your purchase agreement for the licensed function.
      5. Copy or download the keys.
      Enter the license keys in the space provided.
  5. Click Activate.
You can use the following commands to either activate the key directly or provide a path to the file where the key resides. As with activation through the management GUI, you need to use the authorization code that you received with your purchase agreement to obtain the key. If you purchased a license after system setup is completed, use the Licensed Functions option to activate the license. You can also use either of the following commands to activate an encryption license on the system:
  1. To activate the license by using the key directly, enter the activatefeature -licensekey key command in the command-line interface, where key is the license key to activate a feature. The key consists of 16 hexadecimal characters that are organized in four groups of four characters with each group separated by a hyphen (such as 0123-4567-89AB-CDEF).
  2. To activate the license with a file path that stores the key, complete these steps:
    1. Use scp to copy the license key file (2076_XXXXXXX.xml) to the /tmp directory.
    2. Using the command-line interface, enter the activatefeature -licensekeyfile filepath, where filepath is full path-to-file that contains all required license information (such as /tmp/keyfile.xml).
Parent topic: Configuring