Data Encryption - Fujitsu ETERNUS DX500 S4/DX600 S4 Design Manual


2. Basic Functions

Data Encryption

Encrypting data as it is written to the drive prevents information leakage caused by fraudulent decoding. Even if a drive is removed and stolen by a malicious third party, the data cannot be decoded.

This function only encrypts the data stored on the drives, so server access results in the transmission of plain text. Therefore, this function does not prevent data leakage from server access. It only prevents data leakage from drives that are physically removed.

The following two types of data encryption are supported:

Self Encrypting Drive (SED)
This drive type has an encryption function. Data is encrypted when it is written. Encryption using SEDs is recommended because SEDs do not affect system performance.
SEDs are locked the instant that they are removed from the storage system, which ensures that no data can be read from or written to these drives. This encryption prevents information leakage from drives that are stolen or replaced for maintenance. This function also reduces disposal costs because SEDs do not need to be physically destroyed.

Firmware Data Encryption
Data is encrypted on a volume basis by the controllers (CMs) of the ETERNUS DX. Data is encrypted and decrypted in the cache memory when data is written or read.
AES (*1) or Fujitsu Original Encryption can be selected as the encryption method. The Fujitsu Original Encryption method uses a Fujitsu original algorithm that has been specifically created for ETERNUS DX storage systems.

*1: Advanced Encryption Standard (AES)
Standard encryption method selected by the National Institute of Standards and Technology (NIST). The key length of AES is 128 bits, 192 bits, or 256 bits. The encryption strength becomes higher with a longer key length.
The following table shows the functional comparison of SED and firmware data encryption.

| Function specification | Self Encrypting Drive (SED) | Firmware data encryption |
|---|---|---|
| Type of key | Authentication key | Encryption key |
| Encryption unit | Drive | Volume, Pool |
| Encryption method | AES-256 | Fujitsu Original Encryption/AES-128/AES-256 |
| Influence on performance | None (equivalent to unencrypted drives) | Yes |
| Key management server linkage | Yes | No |

FUJITSU Storage ETERNUS DX500 S4/DX600 S4, ETERNUS DX500 S3/DX600 S3 Hybrid Storage Systems Design Guide (Basic)
Copyright 2019 FUJITSU LIMITED
P3AM-7722-25ENZ0
