Setup Encryption Mode
Overview
This function sets the encryption mode to encrypt volumes by using the CM.
There are two methods to encrypt a volume.
Encryption by firmware (CM)
To encrypt volumes by the CM, use this function to enable the encryption mode (*1). After the encryption mode is enabled, create volumes of which "Encryption by CM" is set to "On". Refer to the [Create Volume] function for details.
*1 : The encryption mode is enabled by selecting "Fujitsu Original Encryption", "AES-128", or "AES-256". Encryption by drive (SED)
To encrypt volumes by the SED, create volumes in RAID groups or TPPs that are configured with SEDs. Refer to the [Create Volume] function for details. In this case, encrypted volumes can be created even when "Encryption Mode" is set to "Disable".
Note that Web GUI cannot be used to create volumes in FTRPs. To create volumes in FTRPs, use CLI or ETERNUS SF Storage Cruiser.
Use either "Encryption by CM" or "Encryption by SED" for each volume. Note that because "Encryption by CM" reduces the volume access performance, using "Encryption by SED" is recommended.
The ETERNUS DX60 S5 does not support this function.
Encryption related functions are only available after the encryption mode is enabled.
When disabling the encryption mode, reboot the storage system.
Once a volume has been encrypted, it cannot be changed back to a non-encrypted volume.
- The encryption mode cannot be disabled for volumes or pools with the following conditions.
Volumes that are already encrypted by CM
Pools (or TPPs and FTRPs) that are already encrypted by CM
Volumes that are being encrypted by CM
Extreme Cache Pools that are already encrypted by CM
- When using the encryption function in a Unified Storage environment, set the "Encryption Mode" as described below.
For the ETERNUS DX100 S5
Select "Fujitsu Original Encryption" for the encryption mode. If "AES-128" or "AES-256" is selected, the performance of the NAS function is reduced.
For the other models
Selecting "Fujitsu Original Encryption" for the encryption mode is recommended.
The encryption mode can be changed even when volumes or pools (TPPs or FTRPs) in the storage system are already encrypted by the SED.
If the encryption mode is enabled with this function (*1), existing unencrypted volumes (or "Standard", "WSV", and "SDV" type volumes) can be encrypted. Refer to the [Encrypt Volume] function for details.
The encryption mode setting can be checked. Refer to the [System Settings] function for details.
*1 : The encryption mode is enabled by selecting "Fujitsu Original Encryption", "AES-128", or "AES-256".
User Privileges
Availability of Executions in the Default Role
Default role | Availability of executions |
---|---|
Monitor | |
Admin | |
StorageAdmin | |
AccountAdmin | |
SecurityAdmin | |
Maintainer |
Refer to "User Roles and Policies" for details on the policies and roles.
Settings
In this screen, set the encryption mode.
Encryption Mode Setting
Item | Description | Setting values |
---|---|---|
Encryption Mode |
Select the encryption mode to encrypt volumes by using the CM. This item is displayed when no encrypted volume and no encrypted pool (or TPP and FTRP) exist in the storage system. To enable encryption by the CM, select "Fujitsu Original Encryption", "AES-128", or "AES-256".
|
Disable (Default) Fujitsu Original Encryption AES-128 AES-256 |
Operating Procedures
In this screen, set the encryption mode.
Click [Setup Encryption Mode] in [Action].
Select the encryption mode and click the [Set] button.
→ A confirmation screen appears.
Click the [OK] button.
→ The encryption mode setting is performed.
Click the [Done] button to return to the [System Settings] screen.
CautionWhen disabling the encryption mode, reboot the storage system.