Chapter 4: About Omnicube Cn-2400-E And Cn-5400-E Drive Encryption - HP SimpliVity OmniCube CN-3400 Installation And Maintenance Manual

Chapter 4: About OmniCube CN-2400-E and
CN-5400-E drive encryption
This section contains the following topics:
•
Access the PERC BIOS Configuration Utility
•
Check drive security in the BIOS
•
Check drive security in the IPMI web interface
•
Create a Security Key
• Secure disk groups with a Security Key
•
Delete disk groups
•
Change the passphrase for a Security Key
• Delete a Security Key
•
Erase a drive that supports encryption
You can use Data At Rest Encryption to secure the data on the front SSD and HDD drives in the event that these
drives are lost or stolen. The drive encryption uses Local Key Management (LKM) to prevent unauthorized access
to the data on the physical disks. You create a Security Key with a passphrase on the RAID controller and then
specify the disk groups and virtual disks that you want to secure on the drives. You manage Security Keys on a
per system basis. There is no central key management for all secured systems.
If a secured drive is physically removed from the system (Data at Rest) and then inserted into a different system,
its data is inaccessible without the passphrase used to secure it. You typically create a unique passphrase for
each RAID controller on which you create a Security Key.
The front drives, which are controlled by the H730P Mini Adapter RAID controller, store user data and data for the
OmniStack software. You cannot encrypt the rear boot drives, which are controlled by the PERC H330 Mini RAID
controller. Since the rear boot drives do not contain user data, you do not need to encrypt them.
You use the PERC BIOS Configuration Utility to manage Security Keys on the PERC H730P RAID controller,
including:
Verify if drives are secured
Create a Security Key
Secure the disk groups
Delete disk groups
You can use the IPMI web interface or the PERC BIOS Configuration Utility
to confirm whether physical and virtual disks are currently secured with a
Security Key. If disks are secured, you do not need to create a key. You must
configure the IPMI port before you can access the IPMI web interface or the
Virtual Console, which you use to access the BIOS.
You create a Security Key on the RAID controller to encrypt its physical disks
and disk groups.
After creating a Security Key, you then secure the disk groups, which also
secures the virtual disks, on the controller.
You can delete the disk groups, which also deletes the virtual disks, on the
controller. You are required to delete all secured virtual disks before you can
erase a drive.
31