
IBM DS8700 User Manual

256 pages
2. The storage administrator authorizes the recovery key enablement. This action
changes the recovery key state from "Enable Authorize Pending" to
"Unconfigured."
3. Normal recovery key configuration steps are followed to configure the recovery
key prior to encryption group creation.

Encryption deadlock
An encryption deadlock occurs when all key servers that are within an account
cannot become operational because some part of the data in each key server is
stored on an encrypting device that is dependent on one of these key servers to
access the data.

The key server provides an operating environment for the key server application to
run in, to access its keystore on persistent storage, and to interface with client
storage devices that require key server services. The keystore data is accessed by
the key server application by using your specified password. The keystore data is
encrypted independently of where it is stored. However, any online data that is
required to initiate the key server cannot be stored on storage that has a
dependency on the key server to enable access. If this constraint is not met, the key
server cannot perform an initial program load (IPL) and therefore cannot become
operational. This data includes the boot image for the operating system that runs
on the key server as well as any data that is required by that operating system and
its associated software stack to run the key server application, to allow it to access
its keystore and to allow the key server to communicate with its storage device
clients. Similarly, any backups of the key server environment and data must not be
stored on storage that has a dependency on a key server to restore or access the
backup data.

While an encryption deadlock exists, you cannot access any encrypted data that is
managed by the key servers. If all backups of the keystore are also stored on
encrypting storage that is dependent on a key server, and you do not have the
recovery keys that would unlock the storage devices, the encryption deadlock can
become a permanent encryption deadlock such that all encrypted data that is
managed by the key servers is permanently lost.

Note: To avoid encryption deadlock situations, ensure that you follow the
guidelines outlined in “Encryption deadlock prevention” on page 80.
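
The constraint above can be checked mechanically by following each key server's startup data down through every layer between a file and the physical storage it finally lands on. The Python below is an added example, not part of the IBM manual; the inventory format, the function names and the sample topology are all constructed for illustration.

```python
# Added example: inventory format, names and sample topology are constructed.

def stored_on_closure(stored_on, item):
    """Every layer or device that `item` ultimately resides on (cycle-safe)."""
    seen, stack = set(), [item]
    while stack:
        for below in stored_on.get(stack.pop(), ()):
            if below not in seen:
                seen.add(below)
                stack.append(below)
    return seen

def key_server_violations(stored_on, unlocked_by, needs):
    """Per key server: (item, device) pairs where data needed to start the
    server sits on an encrypting device unlocked by a key server of the
    same account."""
    account = set(needs)
    return {
        server: sorted(
            (item, dev)
            for item in items
            for dev in stored_on_closure(stored_on, item)
            if account & set(unlocked_by.get(dev, ()))
        )
        for server, items in needs.items()
    }

def is_deadlock(report):
    """Deadlock condition: every key server in the account has a violation."""
    return bool(report) and all(report.values())

# Constructed sample: "X": [Y, ...] means X is stored on Y.
STORED_ON = {
    "ks1:boot_image": ["ks1:local_disk"],
    "ks1:keystore_db": ["fs_keys"],           # database on a file system
    "fs_keys": ["lv_keys"],                   # file system on a logical volume
    "lv_keys": ["subsystem_pool"],            # volume provisioned by a subsystem
    "subsystem_pool": ["array_a", "array_b"], # capacity from subordinate arrays
    "ks2:boot_image": ["ks2:local_disk"],
    "ks2:keystore": ["lv_ks2"],
    "lv_ks2": ["array_a"],
}
UNLOCKED_BY = {"array_a": ["ks1", "ks2"]}     # array_a is encryption-enabled
NEEDS = {
    "ks1": ["ks1:boot_image", "ks1:keystore_db"],
    "ks2": ["ks2:boot_image", "ks2:keystore"],
}

if __name__ == "__main__":
    report = key_server_violations(STORED_ON, UNLOCKED_BY, NEEDS)
    print(report, "deadlock:", is_deadlock(report))
```

Moving one key server's data onto storage with no key server dependency clears the deadlock condition, while the other server still shows up in the report as a violation to fix.
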
With encryption-capable disks, the probability of an encryption deadlock increases
significantly because of the following factors:
• There are a number of layers of virtualization in the I/O stack hierarchy that
make it difficult for you to determine where all the files that are necessary to
make the key server and its associated keystore available are stored. The key
server can access its data through a database that runs on a file system on a
logical volume manager which communicates with a storage subsystem that
provisions logical volumes with capacity that is obtained from other subordinate
storage arrays. The data that is required by the key server might end up
provisioned over various storage devices, each of which might be independently
encryption-capable or encryption-enabled.
• Various layers within this I/O stack hierarchy can provide transparent data
relocation either autonomically or because of user-initiated operations.
• As the availability of encryption-capable devices becomes more pervasive, more
data is migrated from non-encrypted storage to encrypted storage. Even if the
key servers are initially configured correctly, it is possible that a storage
78 Introduction and Planning Guide
