Managing system-wide encryption keys for data storage systems

Assignee

• EMC IP Holding Company LLC · US

Inventors

• Thomas N. Dibb · Rutland, US
• Naizhong Chiu · Newton, US
• Gregory W. Lazar · Upton, US
• Xuan Tang · Hopkinton, US
• Millard C. Taylor, II · Chapel Hill, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/14
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

The techniques presented herein provide for initializing and upgrading data encryption capability in a data storage system. The data storage system in initialized to encrypt data writes using a system wide encryption key. A request is received to upgrade the encryption functionality in the data storage system. A data slice is identified for encryption, wherein the data slice is stored in a RAID group in the data storage system. The data slice is pinned in a first cache memory of a first storage processor and persisted in a second cache memory of a second storage processor. The data slice encrypted and a write operation is initiated to write the encrypted data slice back to the RAID group. If the write operation was successful, the data slice is unpinned the first and second cache memory associated with the data slice is freed, else if the write operation was unsuccessful, the data slice is unpinned and the first and second cache memory associated with the data slice are flushed.