Data Security Settings
Data at Rest Encryption audit logging
Hot spare operations
EMC Unity All Flash, EMC Unity Hybrid, EMC UnityVSA 4.0 Security Configuration Guide
Note
As an alternative, use the CLI command
uemcli -u<username> -p<password> -download encryption -type backupKeys
to back up the keystore file to a location that is external to the system, where the
keystore can be kept safe and secret. See the Unisphere Command Line Interface User
Guide for detailed information about this CLI command.
The D@RE feature provides a separate auditing function that supports logging of the
following keystore operations:
- Feature activation
- Key creation
- Key destroy
- Keystore backup
- Disk encryption completed
- SLIC addition
The audit log for keystore operations is stored in the private space on the system. To
download either the entire audit log and checksum information or the information for a
specific year and month, select Settings > Management > Encryption and, under Manage
Encryption > Audit Log, select Download Audit Log & Chksum. To download a newly
generated checksum file for an audit log file that was retrieved at an earlier time,
select Settings > Management > Encryption and, under Manage Encryption > Audit Log,
select Download Chksum. The filename that you supply must exactly match the audit log
file that was retrieved previously.
Note
As an alternative, use the CLI command
uemcli -u<username> -p<password> -download encryption -type auditLog -entries <all or YYYY-MM>
to download the entire audit log and checksum information or a partial audit log,
respectively. See the Unisphere Command Line Interface User Guide for detailed
information about this CLI command.
When a system is already configured with DEKs for all the disk drives in the system
that are in provisioned pools, drives that are not currently in a provisioned pool are
considered unbound drives. Removing an unbound drive, or an unbound drive becoming
faulted, has no effect on the keystore and therefore does not require a backup of the
keystore file. Likewise, replacement of an unbound drive has no effect on the keystore
and therefore does not require a backup of the keystore file.
Note
Disk drives that are not bound will be overwritten with default data to remove
pre-existing data.
When a system is already configured with DEKs for all the drives in the system that
are in provisioned pools, those drives are considered bound drives. If a bound drive is
removed or the drive becomes faulted, and after a period of five minutes a permanent
hot spare replaces the removed or faulted drive, a DEK is generated for the hot spare,