Abstract: Provided are a computer program product, system, and method for determining key server type and key server redundancy information to enable encryption. A first key server type for a first protocol is indicated in a key server type field in response to determining a current protocol used to communicate with the key server comprises the first protocol. A query information request is submitted to the key server to determine a key server type in response to determining that the current protocol comprises the second protocol. The second key server type indicated in the response to the query information request is indicated in the key server type field in response to the response indicating the second key server type. The first or second type of key server indicated in the key server type field is used to determine information to include in a key retrieval request.

Abstract: A first node and a second node are configured in a storage system, wherein the first node and the second node are communicatively coupled to a key server. One or more nodes of a set comprising the first node and the second node initiate a process to generate an encryption key to be shared between the first node and the second node in the storage system. A request for the encryption key is transmitted to the key server, from the one or more nodes of the set comprising the first node and the second node, in response to securing a common lock that is available.

Abstract: A method for sharing data encryption keys among a plurality of storage systems is disclosed. The method generates, by a first storage system, a data encryption key for encrypting data sent from the first storage system to cloud storage. The method stores the encrypted data in the cloud storage in the form of an encrypted data object. In certain embodiments, the first storage system stores an Internet Protocol (IP) address of a second storage system belonging to a same key sharing network as the first storage system. The method replicates, from the first storage system to the second storage system, the data encryption key. The second storage system retrieves the encrypted data object from the cloud storage and decrypts the encrypted data in the encrypted data object using the data encryption key received from the first storage system.

Abstract: Provided are a computer program product, system, and method for determining key server type and key server redundancy information to enable encryption. A first key server type for a first protocol is indicated in a key server type field in response to determining a current protocol used to communicate with the key server comprises the first protocol. A query information request is submitted to the key server to determine a key server type in response to determining that the current protocol comprises the second protocol. The second key server type indicated in the response to the query information request is indicated in the key server type field in response to the response indicating the second key server type. The first or second type of key server indicated in the key server type field is used to determine information to include in a key retrieval request.

Abstract: Provided are a computer program product, system, and method for determining key server type and key server redundancy information to enable encryption. A first key server type for a first protocol is indicated in a key server type field in response to determining a current protocol used to communicate with the key server comprises the first protocol. A query information request is submitted to the key server to determine a key server type in response to determining that the current protocol comprises the second protocol. The second key server type indicated in the response to the query information request is indicated in the key server type field in response to the response indicating the second key server type. The first or second type of key server indicated in the key server type field is used to determine information to include in a key retrieval request.

Abstract: Provided are a computer program product, system, and method for determining key server type and key server redundancy information to enable encryption. A first key server type for a first protocol is indicated in a key server type field in response to determining a current protocol used to communicate with the key server comprises the first protocol. A query information request is submitted to the key server to determine a key server type in response to determining that the current protocol comprises the second protocol. The second key server type indicated in the response to the query information request is indicated in the key server type field in response to the response indicating the second key server type. The first or second type of key server indicated in the key server type field is used to determine information to include in a key retrieval request.

Abstract: Provided are a computer program product, system and method for a redundant key server encryption environment. A key server receives from at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key, a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server, and at least one additional wrapped encryption key by encrypting the encryption key with the at least one public key provided by the at least one remote key server. The key server transmits the generated keys to the requesting device.

Abstract: Provided are a computer program product, system and method for a redundant key server encryption environment. A key server transmits public keys associated with the key server and at least one device to at least one remote key server. The key server receives from the at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device comprising one of the at least one device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key associated with the requesting device. The key server generates a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server.

Abstract: Provided are a computer program product, system and method for a redundant key server encryption environment. A key server receives from at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key, a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server, and at least one additional wrapped encryption key by encrypting the encryption key with the at least one public key provided by the at least one remote key server. The key server transmits the generated keys to the requesting device.

Abstract: Provided are a computer program product, system and method for a redundant key server encryption environment. A key server transmits public keys associated with the key server and at least one device to at least one remote key server. The key server receives from the at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device comprising one of the at least one device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key associated with the requesting device. The key server generates a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server.

Abstract: Provided are a method, system, and program for storing and using metadata in multiple storage location. Signature data is stored in a system storage indicating a plurality of metadata copy locations, each locating identifying a storage device and a copy location within the storage device. Each location contains one copy of the metadata, wherein the metadata includes system configuration information. A copy of the signature data is stored with each copy of the metadata.

Abstract: In one version of the present invention, a system to configure a storage server despite an out-of-service storage adapter includes a storage array and a pair of storage servers connected to the storage array via a corresponding pair of storage adapters. The storage servers may be configured to retrieve configuration metadata from the storage array during a system initialization sequence and communicate the configuration metadata to the other storage server in case one of the storage servers is blocked from accessing the storage array due to an out-of-service storage adapter. The storage servers may also be configured to share a processing load despite the out-of-service storage adapter. The configuration metadata may include a variety of definitions and control parameters such as rank definitions, volume definitions, logical subsystem definitions, mirroring parameters, remote archiving parameters, a rank segment table, and page pointer data.

Abstract: Provided are a method, system, and article of manufacture, wherein a plurality of data arrays coupled to a storage controller is maintained. Data arrays are selected from the plurality of data arrays based on predetermined selection rules. Data is stored redundantly in the selected data arrays by writing the data to the selected data arrays.

Abstract: An apparatus, system, and method are disclosed for global metadata copy repair. The apparatus includes a control module for copying global metadata from primary storage to target storage, a verification module configured to identify invalid track in the global metadata, a location module configured to maintain a current read address, and a read module configured to find a valid copy of the invalid track. The system includes a plurality of hosts, a storage controller in communication with the plurality of hosts over a network, a primary storage device, a target storage device, and the apparatus. The method includes copying global metadata from a primary storage device to a target storage device, identifying invalid track in the global metadata of the primary storage device, maintaining a current read address of a buffer read, and finding a valid copy of the invalid track.

Abstract: In one version of the present invention, a system to configure a storage server despite an out-of-service storage adapter includes a storage array and a pair of storage servers connected to the storage array via a corresponding pair of storage adapters. The storage servers may be configured to retrieve configuration metadata from the storage array during a system initialization sequence and communicate the configuration metadata to the other storage server in case one of the storage servers is blocked from accessing the storage array due to an out-of-service storage adapter. The storage servers may also be configured to share a processing load despite the out-of-service storage adapter. The configuration metadata may include a variety of definitions and control parameters such as rank definitions, volume definitions, logical subsystem definitions, mirroring parameters, remote archiving parameters, a rank segment table, and page pointer data.

Abstract: Provided are a method, system, and program for storing and using metadata in multiple storage location. Signature data is stored in a system storage indicating a plurality of metadata copy locations, each locating identifying a storage device and a copy location within the storage device. Each location contains one copy of the metadata, wherein the metadata includes system configuration information. A copy of the signature data is stored with each copy of the metadata.

Abstract: Provided are a method, system, and program for storing and using metadata in multiple storage location. Signature data is stored in a system storage indicating a plurality of metadata copy locations, each locating identifying a storage device and a copy location within the storage device. Each location contains one copy of the metadata, wherein the metadata includes system configuration information. A copy of the signature data is stored with each copy of the metadata.

Abstract: Provided are a method, system, and article of manufacture, wherein a plurality of data arrays coupled to a storage controller is maintained. Data arrays are selected from the plurality of data arrays based on predetermined selection rules. Data is stored redundantly in the selected data arrays by writing the data to the selected data arrays.