IBM FlashSystem

 View Only

 At firmware 8.7.2, internal encryption feature Question

JONGCHUL LEE's profile image
JONGCHUL LEE posted Mon February 03, 2025 08:42 PM

Hi all,
I have a question about the internal encryption feature of firmware 8.7.2.


First, after upgrading storage from an existing version prior to 8.7.2, can I enable the encryption feature for the existing Pools?

Second, after enabling the internal encryption feature, can I use some Pools with the encryption feature enabled and some Pools with the encryption feature disabled?

Third, should I select whether to enable or disable the internal encryption feature during initial configuration?

Can someone please answer?

Thank you.

Nezih Boyacioglu's profile image
Nezih Boyacioglu IBM Champion posted Tue February 04, 2025 02:00 AM
Hello,
 
you need to enable encryption when creating the pool. If your system contains free drives to create encrypted pool instead non-encrypted old one, create new pool with encryption and migrate your volumes to the new encrypted pool. If no free drives available you need to delete your pool and re-create with encryption. If you have more than one flashsystems, 8.7.2 provides Flash Grid feature, you can easily move your data from one system to another without any disruptions and you can re-create your pool and move all back.
Ian Wright's profile image
Ian Wright IBM Champion posted Tue February 04, 2025 09:14 AM

For the second question ( and I assume that we're talking about "internal" encryption being self-encrypting drives with a KMIP key manager), I would say that you can , but I'm not sure why you would want more than one pool in most circumstances. Better to spread the data out over more drives, at least within a given tier, and allow it to make the best use of them. But, it is possible to do that. Just remember, there's not going to be any performance impact from the drive level encryption.

Related Content