HP 3PAR Command Line Interface Administrator's Manual: HP 3PAR OS 3.1.2 (QR482-96525, September 2013)
takes about 30 seconds, and booting takes an additional 5 seconds. Rekeying under a light load
takes about 15 seconds.
CAUTION:
Keep the encryption key file and password safe. If you lose the encryption key and the HP 3PAR
StoreServ system is still functioning, you can always perform another backup of the encryption key
file. However, should you lose the encryption key file or the password, and should the HP 3PAR
StoreServ system then fail, the HP 3PAR StoreServ system will be unable to restore access to data.
Ensure that backup copies of the latest encryption key file are kept and that the password is known.
The importance of keeping the encryption key file and password safe cannot be overstated. HP
does not have access to the encryption key or password.
Different arrays need separate backups, although the same password can be applied.
The SED DataStore provides an open interface for authentication key management. DataStore
tracks the serial number of the array that owns each SED, which disallows SEDs from being used
in other systems.
NOTE: The HP 3PAR data encryption solution will help mitigate breach notifications under the
Health Information Technology for Economic and Clinical Health (HITECH) Act, but is not compliant
with the Federal Information Processing Standard (FIPS) 140-2.
Supported Configurations
HP 3PAR StoreServ Storage
The following HP 3PAR Storage systems support data encryption. They can be ordered with an
HP 3PAR Data Encryption license and SEDs that provide data encryption.
• HP 3PAR StoreServ 10000 Storage
• HP 3PAR StoreServ 7450 Storage
• HP 3PAR StoreServ 7000 Storage
NOTE: A non-encrypting array cannot be converted to an encrypting array. HP does not support
mixed configurations of encrypted and non-encrypted drives. The HP 3PAR StoreServ Storage
system must be purchased new, with only SED drives installed.
HP 3PAR Operating System
• HP 3PAR OS 3.1.2 MU2 or later
HP Peer Motion and HP Remote Copy are supported on data-encryption enabled systems. If the
target system’s data-encryption state does not match the primary system’s data-encryption state
when you are setting up HP Peer Motion or HP Remote Copy, you will get a warning that must be
acknowledged in order to continue setting up. However, you will not be prevented from replicating
encrypted data to a non-encrypting system.
Self-Encrypting Drives
SEDs are solid-state or hard disk drives.
Data Encryption Licensing
An HP 3PAR Data Encryption license is required to enable data encryption. This system-based
encryption license key must be explicitly set by using the setlicense command.
112 Data Encryption