Use the following steps to configure DD Encryption.
- To enable data encryption, in DD System Manager, click Data Management > File System > DD ENCRYPTION and click Configure.
- Enter the system passphrase to enable encryption.
- In the Configure DD Encryption window, use the Algorithm drop-down menu to select an encryption algorithm or accept the default AES 256-bit (CBC). The AES 256-bit GCM is the most secure algorithm, but it is slower than CBC mode.
By checking the Apply to existing data option, the existing data will be encrypted during the first cleaning cycle after the file system is restarted. Encryption of existing data can take longer than a standard file-system-cleaning operation.
- In the Change Key Manager window > Key Manager section, select one of the following options in the Type drop-down menu:
- Embedded Key Manager
- KeySecure Key Manager (SafeNet KeySecure Key Manager)
- DSM Key Manager (Data Security Manager Key Manager)
- When the encryption is enabled, by default the Embedded Key Manager is in effect after the file system is restarted. You can enable or disable key rotation. If enabled, enter a rotation interval between 1 month and 12 months.
- Review the configuration confirmation page, and then click Finish.
DD Encryption is now successfully configured with Embedded Key Manager.