Use the Hardware Encryption settings to define the default hardware encryption behavior for new storage pools. These settings determine whether hardware encryption is enabled, how encryption keys are accessed by external restore tools, whether backup metadata is encrypted, and whether you can modify the encryption configuration after it is applied.
Hardware encryption uses the encryption capabilities provided by the storage hardware.
Before You Begin
- Verify that the storage hardware supports hardware encryption.
- Determine whether direct media access should be allowed for external restore tools.
- Determine whether backup metadata should be encrypted.
Procedure
- From the navigation pane, go to Manage > Settings > Encryption.
-
In the Hardware Encryption section, configure the following settings:
- Enable encryption: Enables hardware encryption for new storage pools.
-
Direct media access (external restore tools): Specifies how encryption keys are made available to external restore tools.
Available options include:
- Via media password: Stores the encryption keys in a scrambled format on the media.
- No access: Does not store encryption keys on the media.
-
Enable Encryption on Chunkmap trailers: Encrypts the chunkmap trailers that contain metadata for backup chunks.
When this option is enabled, the Direct media access (external restore tools) options are disabled.
-
Prevent changes to hardware encryption settings: Prevents users from modifying hardware encryption settings after they are configured for a storage pool.
Result
The configured hardware encryption settings are used as the default settings for new storage pools.