Saving A Security Key; Validate Security Key; Unlocking Secure Physical Disks - Dell PowerVault MD3260i Administrator's Manual

Saving A Security Key

You save an externally storable copy of the security key when the security key is first created and each time it is
changed. You can create additional storable copies at any time. To save a new copy of the security key, you must
provide a pass phrase. The pass phrase you choose does not need to match the pass phrase used when the security key
was created or last changed. The pass phrase is applied to the particular copy of the security key you are saving.
To save the security key for the storage array,
1. In the AMW toolbar, select Storage Array → Security → Physical Disk Security → Save Key.
The Save Security Key File - Enter Pass Phrase window is displayed.
2. Edit the default path by adding a file name to the end of the path or click Browse, navigate to the required folder
and enter the name of the file.
3. In Pass phrase, enter a string for the pass phrase.
The pass phrase must meet the following criteria:
– It must be between eight and 32 characters long.
– It must contain at least one uppercase letter.
– It must contain at least one lowercase letter.
– It must contain at least one number.
– It must contain at least one non-alphanumeric character (for example, < > @ +).
The pass phrase that you enter is masked.
4. In Confirm pass phrase, re-enter the exact string you entered in Pass phrase.
Make a record of the pass phrase you entered. You need it for later secure operations.
5. Click Save.
6. Make a record of the security key identifier and the file name from the Save Security Key Complete dialog, and click
OK.

Validate Security Key

A file in which a security key is stored is validated through the Validate Security Key dialog. To transfer, archive, or back
up the security key, the RAID controller module firmware encrypts (or wraps) the security key and stores it in a file. You
must provide a pass phrase and identify the corresponding file to decrypt the file and recover the security key.
Data can be read from a security enabled physical disk only if a RAID controller module in the storage array provides the
correct security key. If security enabled physical disks are moved from one storage array to another, the appropriate
security key must also be imported to the new storage array. Otherwise, the data on the security enabled physical disks
that were moved is inaccessible.
See the online help topics for more information on validating the security key.

Unlocking Secure Physical Disks

You can export a security enabled disk group to move the associated physical disks to a different storage array. After
you install those physical disks in the new storage array, you must unlock the physical disks before data can be read
from or written to the physical disks. To unlock the physical disks, you must supply the security key from the original
storage array. The security key on the new storage array is different and cannot unlock the physical disks.
You must supply the security key from a security key file that was saved on the original storage array. You must provide
the pass phrase that was used to encrypt the security key file to extract the security key from this file.
71