Home > Storage > PowerMax and VMAX > Data Protection > Dell EMC PowerMax: End-to-End Efficient Encryption > Enabling the PowerMax array
You must enable the PowerMax array before using end-to-end efficient encryption. Enabling the PowerMax is done when both the additional I/O module is installed in each director and the MMCS is registered with the DSM.
To use end-to-end efficient encryption, you must add the encryption I/O modules to the PowerMax system. The encryption I/O modules are necessary to encrypt and decrypt data in cache when the application host reads from or writes to the system. This addition allows the system to take advantage of the space-saving data-reduction features.
When you order a PowerMax system with end-to-end efficient encryption, it is delivered with the additional I/O modules installed and configured. You can add end-to-end efficient encryption to an existing D@RE-enabled PowerMax system as an upgrade. The upgrade requirements are as follows:
Note: If you are adding an engine to an existing PowerMax system and also adding end-to-end efficient encryption, you must add the engine first. Once you add the engine, you must perform an online configuration change to satisfy the requirements listed previously.
Registering the MMCS and DSM together establishes communication. Communication between both components uses the KMIP communication protocol that resides on the MMCS to communicate with the DSM. The DSM acts as an external key manager for the encryption at the host applications. When an encryption policy is set for a volume, keys are generated and shared with the MMCS for decryption when the data is in cache.
After the MMCS and DSM are registered, the PowerMax system is in the Encryption Enabled state, as shown in the following two figures.
Note: Registering the MMCS and DSM is a field-support activity that must be performed by Dell Technologies personnel.