Creating an encrypted array
You can create a distributed or nondistributed encrypted array if encryption is enabled on your system.
Ensure that encryption is enabled and the USB flash drives that
contain the key are inserted into the system that contains the array. To enable encryption on the array, complete
these steps in the command line interface:
- Enter one of the following commands:
- To configure an encrypted nondistributed array, enter the mkarray command:
where:mkarray -level raid_level -drive drive_id_list -encrypt yes mdiskgrp_id- raid_level
- Specifies the RAID level for the array, such as raid5.
- drive_id_list
- Indicates the drives within the array.
- mdiskgrp_id
- Identifies the storage pool that uses the array.
- To configure an encrypted distributed array, enter the mkdistributedarray command:
where:mkdistributedarray -level raid_level -driveclass driveclass_id -encrypt yes mdiskgrp_id- raid_level
- Specifies the RAID level for the array, either raid5 or raid6.
- driveclass_id
- Indicates the class that is used to create the array.
- mdiskgrp_id
- Identifies the storage pool that uses the array.
- To configure an encrypted nondistributed array, enter the mkarray command:
- Verify that the array is encrypted by entering the following
command:
lsarrayEnsure that the status of the array displays encrypted.
Attention:
- It is important to have at least three copies of the USB flash drives as a safeguard of the encryption key. Make extra copies of the encryption key on other forms of storage as well. There is no point in storing it to the same system since it is locked when the encryption key is needed.
- Loss of all copies of the encryption key results in loss of all data in the storage enclosure. The encryption key is required to unlock a storage enclosure that has protection (encryption) enabled. The key should be stored at least as resiliently as the data.