Skip to main content
After configuring the KMIP connection, create encryption keys and enable encryption on the target parity groups.

Create encryption keys

1
In Storage Navigator, navigate to Administration > Encryption Keys > Encryption Keys tab.
2
Select Create Keys. The VSP generates encryption keys using the CryptoHub via KMIP (if configured in the previous step) or locally.

Back up encryption keys to the CryptoHub

1
In the Encryption Keys tab, select Backup Keys > To Server.
2
The VSP sends a backup of the encryption keys to the CryptoHub for safekeeping.
Always back up encryption keys immediately after creation and after any certificate changes. Previously backed-up encryption keys tied to an old client certificate cannot be restored after a certificate change.

Enable encryption on parity groups

1
Navigate to the target parity group in Storage Navigator.
2
Enable encryption on the parity group.
3
Format the LDEVs in the encrypted parity group. Refer to the Hitachi Provisioning Guide for detailed LDEV formatting instructions.

Post-configuration checklist

After completing the configuration:
  • Securely store a backup of the client.p12 certificate file and its password outside of the SVP.
  • Export and back up the KMS configuration settings from Storage Navigator.
  • Document the CryptoHub connection details (IP/hostname, port) in your disaster recovery runbook.
  • Set calendar reminders to renew the client certificate before it expires. An expired certificate causes immediate and complete loss of KMS access.