Ongoing RDL operation

3min

Consider the following general notes for KMIP configuration:
You can delete a certificate only when no KMIP server is using it. Use the KMIP server (such as ) to determine whether the certificate is in use. The purecert command does not include information on whether a certificate is in use. 
Currently, you cannot rename a KMIP server or a certificate used with a KMIP server. 
How to block access to the FlashArray
If you need to block access to FlashArray data immediately, take one of the following steps and then either power down the FlashArray or restart Purity: 
On the KMIP server (such as ), revoke the TLS certificate used for communication with the FlashArray. You can recover it later by redoing the certificate setup steps. 
Delete the secret key used for communication with the FlashArray on the KMIP server. After this step, you cannot recover FlashArray data. Use it only to make the array data permanently inaccessible. 
These steps do not block data availability until Purity is restarted (or the array is powered off). 
All data on the FlashArray might become inaccessible if any of the following happen after you enable RDL on the array.  
The KMIP server is removed or is not accessible.
The certificate used with the KMIP server expires.
You might see an alert, but the data remains accessible until the next Purity restart or failover.
﻿
﻿
﻿

Updated 01 May 2024

Did this page help you?

Enable Rapid Data Locking (RDL)

TrueNAS