7914FDE.fm
You will be prompted for the location to store the file and the pass phrase used to create or
change the existing security key file, as shown in Figure 15-21. The DS3500 Disk Encryption
Manager uses the pass phrase to encrypt the security key before it exports the security key to
the security key backup file.
Figure 15-21 Save Security Key File window
15.4.3 Secure erase
Secure erase provides a higher level of data erasure than other traditional methods. When
you initiate secure erase with the DS3500 Storage Manager, a command is sent to the FDE
drive to perform a "cryptographic erase". This erases the existing data encryption key and
then generates a new encryption key inside the drive, making it impossible to decrypt the
data. Drive security becomes disabled and must be re-enabled if it is required again. To
perform a Secure erase of the drive, right-click on the drive and choose the option
Secure Erase... as shown in Figure 15-22.
Figure 15-22 Secure Erase of a FDE drive
470
IBM System Storage DS3500: Introduction and Implementation Guide
Draft Document for Review March 28, 2011 12:24 pm