Encryption with Self Encrypting Drive (SED); Figure 35 Data Encryption with Self Encrypting Drives (SED) - Fujitsu ETERNUS DX S5 Series Design Manual


2. Basic Functions
Data Encryption

Encryption with Self Encrypting Drive (SED)

An SED has a built-in encryption function, and data can be encrypted by controlling this function from the controller. An SED uses encryption keys when encrypting and storing data. These encryption keys cannot be taken out of the drive. Furthermore, because data on an SED cannot be decrypted without an authentication key, information cannot be leaked from drives that have been replaced during maintenance, even if they are not physically destroyed.

Once an SED authentication key is registered in an ETERNUS DX, no additional encryption configuration is necessary each time a drive is added.

Data encryption by an SED places no encryption processing load on the controller, so data access performance equivalent to that of unencrypted access can be ensured.
Figure 35 Data Encryption with Self Encrypting Drives (SED)
[Figure labels: ETERNUS DX; "Access performance is the same as when non-encrypted drives are accessed."]
To access the drives, the controller performs authentication by using either the authentication key (common key) that is stored in the controller or the authentication key that is retrieved from the key server. The authentication key that is registered in the ETERNUS DX can be created automatically by using the settings in ETERNUS Web GUI or ETERNUS CLI.

By linking with the key server, the authentication key of an SED can be managed from the key server. Creating and storing an authentication key in a key server makes it possible to manage the authentication key more securely.

By consolidating the authentication keys for multiple ETERNUS DX storage systems in the key server, the management cost of authentication keys can be reduced.

Key management server linkage can be used with an SED authentication key operation.
Only one unique SED authentication key is registered in each ETERNUS DX.
Caution
The firmware data encryption function cannot be used for volumes that are configured with SEDs.
Note
• The SED authentication key (common key) is registered at the time of shipping, regardless of whether an SED has been prepared. However, only models in which SEDs can be installed can use the encryption function with Self Encrypting Drive (SED).
• The common key is used to authenticate RAID groups when key management server linkage is not used.
[Figure 35 labels, continued: "Setting encryption when adding new drives is not required."; Self-encrypting drives; Non-self-encrypting drives]
Design Guide
