Chapter 15. Disk Security With Full Disk Encryption Drives - IBM System Storage DS3500 Introduction And Implementation Manual
Hide thumbs
Also See for System Storage DS3500:
- Installation, user's, and maintenance manual (222 pages) ,
- Installation, user & maintenance manual (180 pages) ,
- Quick start manual (18 pages)
Table of Contents
Advertisement
Draft Document for Review March 28, 2011 12:24 pm
Disk Security with Full Disk
Chapter 15.
Encryption drives
Disk Security is a new feature which is now also available for the IBM System Storage
DS3500 storage subsystem that uses the newly available Full Disk Encryption (FDE) disk
drives. It is supported by the latest level of the DS3500 firmware (Version 7.70) and IBM
System Storage Manager V10.70 (Storage Manager). This chapter discusses how this new
feature can add a greater level of security while your data resides on disk, what it does, the
various components of the feature, and how to implement it.
The Disk Security premium feature requires security capable drives. A security capable drive
encrypts data during writes and decrypts data during reads. Each security capable drive has
a unique drive encryption key. When a security capable drive has the security enabled, the
drive requires the correct security key from the DS3500 for authentication before allowing
reading or writing the data. This is managed on each of the DS3500 controllers by the IBM
Disk Encryption Storage Manager which is only available on RPQ basis at time writing this
book. All of the drives in the DS3500 share the same security key and the shared security key
provides read and write access to the drives, and the drive encryption key on each drive is
used to encrypt the data.
© Copyright IBM Corp. 2010. All rights reserved.
7914FDE.fm
15
449
Advertisement
Table of Contents
Troubleshooting
