You can create a distributed or
nondistributed encrypted array if encryption is enabled on your system.
Ensure that encryption is enabled and the USB flash drives that
contain the key are inserted into the system that contains the array. To enable encryption on the array, complete
these steps in the command line interface:
- Enter one of the following commands:
- To configure an encrypted nondistributed array, enter the mkarray command:
mkarray -level raid_level -drive drive_id_list -encrypt yes mdiskgrp_id
where:- raid_level
- Specifies the RAID level for the array, such as raid5.
- drive_id_list
- Indicates the drives within the array.
- mdiskgrp_id
- Identifies the storage pool that uses the array.
- To configure an encrypted distributed array, enter the mkdistributedarray command:
mkdistributedarray -level raid_level -driveclass driveclass_id -encrypt yes mdiskgrp_id
where:- raid_level
- Specifies the RAID level for the array, either raid5 or
raid6.
- driveclass_id
- Indicates the class that is used to create the array.
- mdiskgrp_id
- Identifies the storage pool that uses the array.
- Verify that the array is encrypted by entering the following
command:
lsarray
Ensure that the status of the array displays
encrypted.
Attention: - It is important to have at least three copies of the USB
flash drives as a safeguard of the encryption
key. Make extra copies of the encryption key on other forms of storage as well. There is no
point in storing it to the same system since it is locked when the encryption key is needed.
- Loss of all copies of the encryption key results in loss of all data in the storage
enclosure. The encryption key is required to unlock a storage enclosure that has protection
(encryption) enabled. The key should be stored at least as resiliently as the data.