Encrypting a Disk Using the webGUI
The following procedure describes how to use the KeyControl webGUI to encrypt a Linux data partition or a Windows boot drive, folder mount, or data drive.
Note: You cannot encrypt a Linux system device (such as /root, swap, or /home) using this procedure. Instead, follow the procedure described in Encrypting Linux System Devices.
Before You Begin
For Linux disks:
- Make sure you have partitioned the Linux data disk and that the disk meets the qualifications described in Linux Encryption Prerequisites.
- If an entry for the Linux device you intend to encrypt already exists in the Filesystem Table (/etc/fstab), you need to remove that entry until the encryption process is complete and the HyTrust-created clear text path to the device is available. If you reboot the device after encryption with the /etc/fstab entry still pointing to the original device path, the system may hang because the encrypted version of the device will fail the filesystem check. For details, see Automatically Mounting Linux Filesystems.
- If you want to encrypt the existing data while the disk remains online and accessible, make sure you enable Online Encryption on the VM as described in Enabling Linux Online Encryption with the CLI and Enabling Linux Online Encryption with the webGUI. For details about Online Encryption, see Linux Online Encryption Prerequisites and Considerations.
For Windows disks:
- If this is a Windows data drive, make sure the disk you want to encrypt meets the prerequisites described in Windows Encryption Prerequisites.
- If this is a Windows boot partition, make sure the partition has been set up as described in Windows Boot Drive Encryption. Note: The boot partition may not appear as an available disk until after the HyTrust Bootloader is installed.
Procedure
- Log into the KeyControl webGUI using an account with Cloud Admin privileges.
- In the top menu bar, click Cloud.
- Click the VMs tab and select the VM you want to work with from the list.
- Click the Expand button (>) at the end of the row to access the details for the specific VM.
- In the Details area, click on the Unencrypted Disks tab.
- Select the disk you want to encrypt and select Actions > Encrypt Disk from the VM-specific Actions menu. KeyControl displays a message that the encryption request was successfully created and adds an Encrypt Disk task for the VM that will begin on the VM's next heartbeat. The length of time the operation will take depends on the amount of data already present on the disk and the encryption settings configured for this system.
You can track the progress of the encryption task on the Dashboard in the Tasks tile.
When the encryption request begins processing, KeyControl moves the disk from the Unencrypted Disks tab to the Encrypted Disks tab and sets the state to Active/Encrypt. When the encryption process has finished, KeyControl changes the state to Active/Attached.
Tip: If the encryption fails for a Windows disk with the message that there are too many partitions on the disk, see Detecting and Removing a Windows Snapshot Partition.
What to Do Next
If you removed the /etc/fstab entry for a Linux disk, you can recreate that entry using the clear text path created during encryption. For details, see Automatically Mounting Linux Filesystems.
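The /etc/fstab prerequisite under Before You Begin can be checked before you submit the Encrypt Disk request. The following script is an added example, not part of the HyTrust documentation or tooling: the function names, the "#pre-encrypt#" marker, and the sample table are constructed for illustration. It goes slightly beyond the text by also matching UUID= or LABEL= specs, which you must pass explicitly if your table refers to the device that way.

```sh
#!/bin/sh
# Added example: pre-flight check for the /etc/fstab prerequisite.
# Function names and the sample table are constructed for illustration.

# Print "lineno:line" for each active (non-comment) entry whose first field
# equals one of the given specs (device path, UUID=..., or LABEL=...).
fstab_refs() {
    fstab=$1; shift
    awk -v specs="$*" '
        BEGIN { n = split(specs, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        ($1 in want)   { print NR ":" $0 }
    ' "$fstab"
}

# Write to stdout a copy of the table with the matching entries commented
# out behind a marker, so they are easy to find once encryption has finished.
fstab_disabled_copy() {
    fstab=$1; shift
    awk -v specs="$*" '
        BEGIN { n = split(specs, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        !/^[ \t]*(#|$)/ && ($1 in want) { print "#pre-encrypt# " $0; next }
        { print }
    ' "$fstab"
}

# Constructed sample: /dev/sdb1 is the data partition about to be encrypted.
sample_fstab() {
    cat <<'EOF'
# <device>      <mount>  <type>  <options>  <dump> <pass>
/dev/sda1       /        ext4    defaults   0      1
/dev/sdb1       /data    ext4    defaults   0      2
#/dev/sdb1      /old     ext4    defaults   0      2
UUID=1111-aaaa  /data2   ext4    defaults   0      2
EOF
}

main() {
    tmp=$(mktemp); sample_fstab > "$tmp"
    hits=$(fstab_refs "$tmp" /dev/sdb1)
    if [ -n "$hits" ]; then
        echo "Remove these entries before encrypting /dev/sdb1:"; echo "$hits"
        echo "Proposed table:"; fstab_disabled_copy "$tmp" /dev/sdb1
    fi
    rm -f "$tmp"
}
main
```

Review the proposed table before replacing the real /etc/fstab with it; the script itself only reads the file it is given.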