Home > Data Protection > PowerProtect DD Series Appliances > PowerProtect DD Series Appliances: Encryption Software > Key manager support
All key managers support all DDOS file-system protocols.
When configuring protection systems for directory or MTree replication, configure each system separately. The two systems can use either the same or a different key class, and the same or different key managers. For collection-replication configuration, you must configure the protection system on the source. All replicated data is encrypted with the key set on the source. New data that is written to the destination after a replication break uses either the last active key set on the source or a new key if the key manager is configured.
When the embedded key manager is selected, the protection system creates its own keys. After the key-rotation policy is configured, a new key is automatically created at the next rotation. To disable the key-rotation policy, click the Disable button that is associated with the key-rotation status of the embedded key manager.
Create an encryption key:
A new protection system key is created and activated immediately.
Destroy an encryption key:
The system displays the Destroy window that includes the tier and state for the key.
You can delete key manager keys that are in the Destroyed or Compromised-Destroyed states. However, you can delete a key only when the number of keys has reached the maximum limit of 254 limit. This procedure requires security officer credentials.
Delete an encryption key:
The system displays the key to be deleted, and the tier and state for the key.
DD series appliances support external key managers by using KMIP, and centrally manage encryption keys in a single, centralized platform. Note the following:
Follow this procedure to create a key for the KMIP-complaint key manager:
A new KMIP key is created and activated immediately.
Follow this procedure to configure a KMIP-complaint key manager:
The Change Key Manager dialog box opens.
The Change Key Manager information appears.