Generate a new appliance encryption key to replace the existing key

When secure data-at-rest is enabled, the administrator can generate a new AEK. This may be necessary if the copy of the current AEK was lost or compromised.

Prerequisites
  • Privileges: Infrastructure administrator

  • Secure data-at-rest option is set to Yes in the Settings > Security > Secure data-at-rest screen.

  • A backup is taken before regenerating the AEK to recover from possible errors encountered during the key generation process.

Procedure
  1. From the main menu, select Settings.
  2. Click Security and then select Secure data-at-rest.
  3. Click the Generate new appliance encryption key link or select Actions > Generate new appliance encryption key.
  4. Click Download appliance encryption key.
  5. To verify that the appliance encryption key was successfully downloaded, it must be uploaded and verified. Click Browse to select the same file that was downloaded for upload and verification and click OK. Only after the new encryption key is uploaded back into the appliance, does it replace the existing appliance encryption key.
    NOTE:

    Ensure that a new backup is taken after the AEK is replaced.