Security Key Identifier; Passwords - IBM System Storage DS3500 Introduction And Implementation Manual
Hide thumbs
Also See for System Storage DS3500:
- Installation, user's, and maintenance manual (222 pages) ,
- Installation, user & maintenance manual (180 pages) ,
- Quick start manual (18 pages)
Table of Contents
Advertisement
7914FDE.fm
15.2.5 Security key identifier
For additional protection, the security key that is used to unlock FDE drives is not visible to the
user. The security key identifier is used to refer to a security key instead. You can see the
security key identifier during operations that involve the drive security key backup file, such as
creating or changing the security key. The security key identifier is stored in a special area of
the disk; it can always be read from the disk and can be written to the disk only if security has
been enabled and the drive is unlocked.
The security key identifier field in the FDE Drive Properties window, shown in Figure 15-3,
includes a random number that is generated by the controller when you create or change the
security key. One security key is created for all FDE drives on the storage subsystem.
Note that the Security Capable and Secure fields in the Drive Properties window show
whether the drive is secure capable and whether it is in Secure (Yes) or Unsecured (No) state.
The example shows that the drive is both capable (FDE) and enabled.
Figure 15-3 FDE drive properties showing security ID and status
15.2.6 Passwords
For Disk Security to be enabled, the DS3500 has to have the administration pass phrase or
password set. The password must be "strong" and not easy to guess. A check is made on the
password and if the system does not consider it to be strong enough when you log in or are
prompted for the password, the message Strong password requirement not met will
454
IBM System Storage DS3500: Introduction and Implementation Guide
Draft Document for Review March 28, 2011 12:24 pm
Advertisement
Table of Contents
Troubleshooting
