Encryption enablement

You can enable encryption by using USB flash drives to copy the encryption key to the system or by configuring an encryption key server for the system or cloud storage. An encrypted cloud account inherits the system encryption key providers setting.

You can also have a simultaneous configuration of both key servers and USB flash drives to ensure redundancy of access to encrypted data if either method becomes unavailable, or if the keys are permanently lost for one of the methods.

Notes:
  • To protect against permanent key loss for one of the methods, a simultaneous configuration must be planned in advance. It is not permitted to enable another key method when the keys for an existing method have already been lost.
  • To enable and configure encryption on the system, a user must have one of the following user roles: SecurityAdmin, Administrator, or RestrictedAdmin.

The following list of encryption key server and USB flash drive characteristics might help you to choose the type of encryption enablement that you want to use.

Key servers can have the following characteristics:
  • Physical access to the system is not required to process a rekeying operation.
  • Support for businesses that have security requirements not to use USB ports.
  • Strong key generation.
  • Key self-replication and automatic backups.
  • Implementations follow an open standard that aids in interoperability.
  • Audit detail.
  • Ability to administer access to data separately from storage devices.
USB flash drives have the following characteristics:
  • Physical access to the system is required to process a rekeying operation.
  • No mechanical components to maintain with almost no read operations or write operations to the USB flash drive.
  • Inexpensive to maintain and use.
  • Convenient and easy to have multiple identical USB flash drives available as backups.
Parent topic: Configuring encryption
Related concepts:
Configuring transparent cloud tiering