Table of Contents
Advertisement
About Secure Data
Secure Data is a licensed feature that provides data‐at‐rest encryption with key
management. Using Secure Data to manage SEDs requires an external key management
server. If a key management server has not been configured or is unavailable, you can
manage FIPS SEDs into a Secure Data folder, however the disks remain in a pending state
until the key management server is available.
Each FIPS disk in Storage Center has an internal Media Encryption Key (MEK). The key
resides on the disk, providing encryption for data written to the disk and decryption for
data as it is read from the disk. Destroying the key makes any data on the disk immediately
and permanently unreadable, a process referred to as a crypto erase. When you add an SED
to, or release an SED from a Secure Data folder, the MEK is destroyed and a new key is
generated. This allows the disk to be reused, although all previous data is lost.
Note: Because disks that contain user data cannot be moved from a Secure Data
folder, Storage Center does not crypto erase disks that contain user data.
To protect data at rest, all SEDs in a Secure Data disk folder lock when power is removed
(Lock on Reset enabled). When power is removed from the drive, the drive cannot be
unlocked without access to the authority credential stored in the key management server.
Dell Compellent
Complete the Startup Wizard
131
- Quick Links:
- Controllers
Hide quick links:
Advertisement
Chapters
Table of Contents
