- All Implemented Interfaces:
- java.io.Serializable
public class EnableEncryptionAtRestRequest
extends java.lang.Object
implements java.io.Serializable
EnableEncryptionAtRestRequest
Initiate the process of setting a password on self-encrypting drives (SEDs) within the cluster. This feature is not enabled by default but can be toggled on and off as needed.
If a password is set on a SED that is then removed from the cluster, the password remains set and the drive is not securely erased. Data can be securely erased using the SecureEraseDrives API method.
Note: This does not affect performance or efficiency.
If no parameters are specified, the password will be generated internally and at random (the only option for endpoints prior to 12.0). This generated password will be distributed across the nodes using Shamir's Secret Sharing Algorithm such that at least two nodes are required to reconstruct the password. The complete password to unlock the drives is not stored on any single node and is never sent across the network in its entirety. This protects against the theft of any number of drives or a single node.
If a keyProviderID is specified, the password will be generated or retrieved as appropriate for the type of provider. Commonly this would be via a KMIP (Key Management Interoperability Protocol) Key Server in the case of a KMIP Key Provider (see CreateKeyProviderKmip). After this operation, the specified provider is considered 'active' and cannot be deleted until DisableEncryptionAtRest is called.
- See Also:
- Serialized Form