Lenovo Storage V5030 supports optional encryption of data at rest (Lenovo Storage V3700 V2 XP will support the optional encryption on version 8.1.1.1 or above). Encryption protects against the potential exposure of sensitive user data that is stored on discarded, lost, or stolen storage devices. Both of these systems require an encryption license for each enclosure that supports encryption.
You can use USB flash drives to enable encryption and copy a key to the system. You must create system encryption keys and write those keys to all USB flash drives.
Two options are available for accessing key information on USB flash drives:
You can use encryption key servers to enable encryption. A key server is a centralized system that generates, stores, and serves encryption keys. At least one key server is required to enable encryption key server support.
The IBM Security Key Lifecycle Manager is the supported key server type. It complies with the Key Management Interface Protocol (KMIP) protocol.
You can enable encryption on the IBM Security Key Lifecycle Manager, which supports the Key Management Interface Protocol (KMIP). The IBM Security Key Lifecycle Manager is an unclustered key server.
The IBM Security Key Lifecycle Manager creates managed keys for the system and uses a digital certificate to access these keys and provide authentication. This authentication takes place when certificates are exchanged. Certificates must be managed closely because expired certificates can cause system outages.
To use IBM Security Key Lifecycle Manager, you must specify an IP address, port, and device group to communicate with the system. The device group is a collection of security credentials (including keys and groups of keys) that allows for restricted management of subsets of devices within a larger pool.
Belarus
Kazakhstan
People's Republic of China
Russia