Updated on 2022-02-21 GMT+08:00

Managing an Encrypted Disk

Relationships Between Encrypted Disks and Backups

Encryption can be used for system disks, data disks, and backups, as follows:

  • System disk encryption depends on the image of the server OS. If the server is created from an encrypted image, the system disk will be an encrypted disk. For details, see Encrypting an Image in the Image Management Service User Guide.
  • The encryption attribute of an existing disk cannot be changed. When you create a new disk, you can choose whether to encrypt it.
  • When a disk is created from a backup, the encryption attribute of the new disk will be consistent with that of the backup's source disk.
  • When a backup is created for a disk, the encryption attribute of the backup is the same as that of the disk.

For details about how to create an encrypted disk, see Step 2: Create a Disk.

Creating an Encrypted Disk

Before you use the disk encryption function, EVS must be granted KMS access rights. If you have the Security Administrator permission, you can grant the KMS access rights directly. If you do not have this permission, ask a user with the Security Administrator permission to grant KMS access rights to EVS, and then repeat the preceding operations.

For details about how to create an encrypted disk, see Step 2: Create a Disk.

Detaching an Encrypted Disk

Before you detach a disk encrypted by a CMK, check whether the CMK is disabled or scheduled for deletion. If the CMK is unavailable, the disk can still be used, but normal read/write operations are not permanently guaranteed, and if the disk is detached, re-attaching it will fail. In this case, do not detach the disk. Restore the CMK status first.

The restoration method varies depending on the current CMK status. For details, see Disk Encryption.

If the CMK is available, the disk can be detached and re-attached, and data on the disk will not be lost.

For details about how to detach an encrypted disk, see Detaching a Data Disk.