Setup Encryption Mode

Overview

This function sets the encryption mode to encrypt volumes by using the CM.

There are two methods to encrypt a volume.

Encryption by firmware (CM)

To encrypt volumes by the CM, use this function to enable the encryption mode (*1). After the encryption mode is enabled, create volumes of which "Encryption by CM" is set to "On". Refer to the [Create Volume] function for details.

*1 : The encryption mode is enabled by selecting "Fujitsu Original Encryption", "AES-128", or "AES-256".
Encryption by drive (SED)

To encrypt volumes by the SED, create volumes in RAID groups or TPPs that are configured with SEDs. Refer to the [Create Volume] function for details. In this case, encrypted volumes can be created even when "Encryption Mode" is set to "Disable".

Note that Web GUI cannot be used to create volumes in FTRPs. To create volumes in FTRPs, use CLI or ETERNUS SF Storage Cruiser.

Use either "Encryption by CM" or "Encryption by SED" for each volume. Note that because "Encryption by CM" reduces the volume access performance, using "Encryption by SED" is recommended.

Caution

Encryption related functions are only available after the encryption mode is enabled.
When disabling the encryption mode, reboot the storage system.
Once a volume has been encrypted, it cannot be changed back to a non-encrypted volume.
The encryption mode cannot be disabled for volumes or pools with the following conditions.
- Volumes that are already encrypted by CM
- Pools (or TPPs and FTRPs) that are already encrypted by CM
- Volumes that are being encrypted by CM
- Extreme Cache Pools that are already encrypted by CM

Note

The encryption mode can be changed even when volumes or pools (TPPs or FTRPs) in the storage system are already encrypted by the SED.
If the encryption mode is enabled with this function (*1), existing unencrypted volumes (or "Standard", "WSV", and "SDV" type volumes) can be encrypted. Refer to the [Encrypt Volume] function for details.
The encryption mode setting can be checked. Refer to the [System Settings] function for details.

*1 : The encryption mode is enabled by selecting "Fujitsu Original Encryption", "AES-128", or "AES-256".

Settings

In this screen, set the encryption mode.

Encryption Mode Setting

Item	Description	Setting values
Encryption Mode	Select the encryption mode to encrypt volumes by using the CM. This item is displayed when no encrypted volume and no encrypted pool (or TPP and FTRP) exist in the storage system. To enable encryption by the CM, select "Fujitsu Original Encryption", "AES-128", or "AES-256". Disable The encryption function by the CM is not used. When the encryption mode is changed to "Disable" from one of the following options, reboot the storage system. Fujitsu Original Encryption AES-128 AES-256 Fujitsu Original Encryption "Fujitsu Original Encryption" is an encryption method which uses a Fujitsu proprietary algorithm. Compared to the AES-128bit method, its practical security level is almost equal while it allows faster processing than the AES-128bit method. AES-128 "AES-128" is an encryption method that uses the AES 128bit method. "Advanced Encryption Standard (AES)" (standard encryption used for information processing by the US federal government) is a standardized encryption method. AES-256 "AES-256" is an encryption method that uses the AES 256bit method. Compared to the AES-128bit method, the encryption strength is higher (meaning that decrypting the encrypted data is difficult), but the Read/Write access performance for the volumes is reduced.	Disable (Default) Fujitsu Original Encryption AES-128 AES-256

Item

Description

Setting values

Encryption Mode

Select the encryption mode to encrypt volumes by using the CM.

This item is displayed when no encrypted volume and no encrypted pool (or TPP and FTRP) exist in the storage system. To enable encryption by the CM, select "Fujitsu Original Encryption", "AES-128", or "AES-256".

Disable
The encryption function by the CM is not used.
When the encryption mode is changed to "Disable" from one of the following options, reboot the storage system.
- Fujitsu Original Encryption
- AES-128
- AES-256
Fujitsu Original Encryption

"Fujitsu Original Encryption" is an encryption method which uses a Fujitsu proprietary algorithm.

Compared to the AES-128bit method, its practical security level is almost equal while it allows faster processing than the AES-128bit method.
AES-128

"AES-128" is an encryption method that uses the AES 128bit method.

"Advanced Encryption Standard (AES)" (standard encryption used for information processing by the US federal government) is a standardized encryption method.
AES-256

"AES-256" is an encryption method that uses the AES 256bit method.

Compared to the AES-128bit method, the encryption strength is higher (meaning that decrypting the encrypted data is difficult), but the Read/Write access performance for the volumes is reduced.

Disable (Default)

Fujitsu Original Encryption

AES-128

AES-256

Operating Procedures

In this screen, set the encryption mode.

Click [Setup Encryption Mode] in [Action].
Select the encryption mode and click the [Set] button.

→ A confirmation screen appears.
Click the [OK] button.

→ The encryption mode setting is performed.
Click the [Done] button to return to the [System Settings] screen.
Caution
- When disabling the encryption mode, reboot the storage system.