Rekeying a Disk Using the webGUI

When KeyControl rekeys a disk, it creates a new key and then begins decrypting the disk using the old key. As each block is decrypted, the Policy Agent re-encrypts it using the new key.

Note: If you are using the Single Encryption Key (SEK) option to support data deduplication (dedupe), make sure there is a new version of the SEK key available before you rekey the disk. If the disk already uses the current version of the key, the rekey request may fail. For more information, see Viewing the SEK Key Version for a Disk.

The following procedure applies to all types of Windows disks and to Linux data disks. You cannot, however, rekey a Linux system device (such as /root, swap, or /home) using this procedure. Instead, use the htroot rekey command as described in Rekeying a Linux System Device.

  1. Log in to the KeyControl webGUI on any node in the cluster using an account with Cloud Admin privileges.
  2. In the top menu bar, click Cloud.
  3. Click the VMs tab and select the VM you want to work with from the list.
  4. Click the Expand button (>) at the end of the row to access the details for the specific VM.
  5. In the Details area, click on the Encrypted Disks tab.
  6. Select the disk you want to rekey and select Actions > Rekey Disk from the VM-specific Actions menu.

    KeyControl displays a message that the rekey request was successfully created and adds a Rekey Disk task for the VM that will begin on the VM's next heartbeat. The length of time the operation takes depends on the amount of data already present on the disk and the encryption settings configured for this system.

    You can track the progress of the rekey task on the Dashboard in the Tasks tile.

    When the rekey request begins processing, KeyControl sets the state to Active/Rekey. When the encryption process has finished, KeyControl changes the state to Active/Attached.