Encrypting Disks

You can encrypt VSS-2 packs on ClearPath MCP Software Series systems, Libra systems, and FS systems. When you mark a pack to be encrypted, data is encrypted when it is written to the pack and is automatically decrypted when it is read from the pack. Enabling disk encryption has no application impact.

Disk encryption allows a site to protect data at rest from data leakage (either active data leakage or leakage after the disk has been disposed of). Before any disks can be encrypted, a security administrator must define the keys to be used for encryption and decryption and back them up to external media.

Note: Keys must be backed up to external media through the ODT DISKKEY command before they can be used for disk encryption. A key that has not been backed up is shown as “new” in the ODT command DISKKEY SHOW.

You can encrypt all VSS-2 packs on the ClearPath MCP system, including the halt-load unit. If the pack is to be shared with other systems (for example, with Business Continuation Assistant), the keys must be present on all systems in order to read the encrypted packs.

Disks are encrypted on a per-pack basis. The key to use is specified when the pack is initialized or when encryption is turned on. A key can be used on one or more packs. The site's local security defines the number of keys needed for disk encryption.

For information about running disk encryption and installing cryptography, refer to Network Security and Cryptography Services.