Enabling SEK for the Cloud VM Set
- Log into the KeyControl webGUI on any node in the cluster using an account with Cloud Admin privileges for the Cloud VM Set you want to modify.
- In the top menu bar, click Cloud.
- On the VM Sets tab, select the Cloud VM Set for which you want to enable SEK.
- On the Details tab, click Enable in the Single Encryption Key field.
-
In the Enable Single Encryption Key dialog box, specify the options you want to use.
Option
Description
Single Key Encryption Cipher
The Cipher used for the encryption key. The options are AES-256 (the default) and AES-128.
Single Key Encryption Expiration The date on which the SEK key will expire or "Never" if the SEK never expires. If you specify a date and the SEK key expires, access to every encrypted disk on every VM in the Cloud VM Set will be denied. What happens to the SEK key depends on the setting in the Expiration Action field. Single Key Encryption Expiration Action
- No Use — The key is deactivated but retained. It can be reactivated by setting a future expiration date, or by setting the expiration date to "Never". At that point, all access to the encrypted data will be restored. This is the default.
- Shred — The key is destroyed and cannot be retrieved. You should only use this option if you are absolutely certain that you will never again need to access the data encrypted by this key. If a key is shredded, any data encrypted by this key cannot be decrypted.
- When you are done, click Enable. KeyControl creates a SEK key that it will use to encrypt all disks in all VMs registered with this Cloud VM Set until you generate a new SEK key. For details, see Generating a New SEK Key.
