Viewing the SEK Key Version for a Disk

When a Cloud Admin generates a new version of the SEK key, KeyControl does not automatically launch a rekey task for all the disks in the Cloud VM Set. It does, however, provide the new version of the SEK key to the HyTrust DataControl Policy Agent when the Policy Agent needs to encrypt a new disk or rekey a previously encrypted disk.

This gives the Cloud Admin full control over when rekeys take place, but it does mean that some disks in the Cloud VM Set may be using different versions of the SEK key. If data deduplication stops working for some of the VMs in the Cloud VM Set, use this procedure to verify that the encrypted disks are using the most recent version of the SEK key. If there are discrepancies, you can rekey the appropriate disks.

  1. For Linux, log into the VM as root. For Windows, log in as a System Administrator and open a Command Prompt or start Windows PowerShell.
  2. Enter the hcl keyversion diskname command, where diskname is the name of the disk that you want to check. For Linux, use the short form of the disk name (for example, sdb1 instead of /dev/sdb1). For Windows, specify the drive letter or folder mount associated with the disk (for example, f: or g:\data).

    The command returns the key version being used by the disk as well as the current SEK key version. The following example shows a disk that is currently encrypted with an older version of the SEK key:

    # hcl keyversion sdb1
    keyversion: 2 SEKversion: 4

    In this case, you should rekey the disk to bring it up to date. For details, see Rekeying a Disk using the CLI and Rekeying a Disk Using the webGUI.
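
The check in this procedure, extended to several Linux disks in one pass, as an added example that is not part of the HyTrust documentation: it runs hcl keyversion for each disk named on the command line and flags any disk whose key version is behind the SEK version. It assumes the output has exactly the form of the sample line above; the function names, the script name and the exit-code convention are this example's own.

```shell
#!/bin/sh
# Added example: audit disks with `hcl keyversion` and flag stale SEK versions.
# Assumption: output has the form shown on this page:
#   keyversion: <n> SEKversion: <m>

# classify_keyversion LINE
# Prints "current", "stale <disk-version> <SEK-version>", "unexpected" or "unparsed".
classify_keyversion() {
    kv=$(printf '%s\n' "$1" | sed -n 's/.*keyversion:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    sek=$(printf '%s\n' "$1" | sed -n 's/.*SEKversion:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    if [ -z "$kv" ] || [ -z "$sek" ]; then
        echo "unparsed"            # error text or a format this script does not know
    elif [ "$kv" -lt "$sek" ]; then
        echo "stale $kv $sek"      # disk key is behind the current SEK: rekey candidate
    elif [ "$kv" -eq "$sek" ]; then
        echo "current"
    else
        echo "unexpected"          # disk version ahead of SEK version; investigate
    fi
}

# audit_disks DISK...
# Prints one result line per disk; returns 1 if any disk is not "current".
audit_disks() {
    rc=0
    for disk in "$@"; do
        # hcl wants the short Linux name (sdb1, not /dev/sdb1).
        out=$(hcl keyversion "${disk#/dev/}" 2>&1) || out=""
        result=$(classify_keyversion "$out")
        echo "$disk: $result"
        [ "$result" = "current" ] || rc=1
    done
    return "$rc"
}

# Usage (as root; script name is hypothetical): sh sek_audit.sh sdb1 sdc1
if [ "$#" -gt 0 ]; then
    audit_disks "$@"
fi
```

A non-zero exit status means at least one disk did not report the current SEK version, which makes the script usable from a scheduled job that alerts on failure.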