Encryption with Self Encrypting Drive (SED); Figure 38 Data Encryption with Self Encrypting Drives (SED) - Fujitsu ETERNUS AF250 Design Manual

1. Function
Data Encryption

Encryption with Self Encrypting Drive (SED)

An SED has a built-in encryption function, and data can be encrypted by controlling that function from the controller. An SED uses encryption keys when encrypting and storing data. Encryption keys cannot be taken out of the drive. Furthermore, because SEDs cannot be decrypted without an authentication key, information cannot be leaked from drives that have been replaced during maintenance, even if they are not physically destroyed.

Once an SED authentication key is registered to an ETERNUS AF, no additional encryption configuration is necessary each time a drive is added.

Data encryption by SED places no encryption processing load on the controller, so data access performance equivalent to that of unencrypted processing can be ensured.

Figure 38 Data Encryption with Self Encrypting Drives (SED)
[Figure labels: ETERNUS AF; "Access performance is the same as when non-encrypted drives are accessed."]

To access the drives, the controller performs authentication by using either the authentication key that is stored in the controller or the authentication key that is retrieved from the key server. The authentication key that can be registered in the ETERNUS AF can be created automatically by using the settings in ETERNUS Web GUI or ETERNUS CLI.

By linking with the key server, the authentication key of an SED can be managed from the key server. Creating and storing an authentication key in a key server makes it possible to manage the authentication key more securely.

By consolidating authentication keys for multiple ETERNUS AF storage systems in the key server, the management cost of authentication keys can be reduced.

Key management server linkage can be used with an SED authentication key operation.

Only one unique SED authentication key can be registered in each ETERNUS AF.

The firmware data conversion encryption function cannot be used for volumes that are configured with SEDs.

Register the SED authentication key (common key) before installing SEDs in the ETERNUS AF. If an SED is installed without registering the SED authentication key, data leakage from the SED is possible when it is physically removed.

Only one key can be registered in each ETERNUS AF. This common key is used for all of the SEDs that are installed. Once the key is registered, the key cannot be changed or deleted. The common key is used to authenticate RAID groups when key management server linkage is not used.
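
The caution above about registering the authentication key before installing SEDs can be seen in a small model. This is an added example, not Fujitsu code or ETERNUS firmware: it assumes the common SED design in which the drive stores its media encryption key wrapped under a key derived from the authentication key, and `ModelSED`, `readable_after_removal` and the toy XOR/SHAKE cipher are hypothetical stand-ins for the drive's real hardware encryption.

```python
import hashlib, hmac, os

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def _kek(auth_key: bytes, salt: bytes) -> bytes:  # toy KDF for the key-encryption key
    return hashlib.pbkdf2_hmac("sha256", auth_key, salt, 10_000)

class ModelSED:
    """Toy self-encrypting drive; stdlib primitives stand in for real ciphers."""
    def __init__(self):
        self._mek = os.urandom(32)  # media encryption key, never exported
        self._wrapped = None        # (salt, MEK wrapped under KEK, MEK digest)
        self._media = {}            # lba -> ciphertext as stored on the media

    def register_auth_key(self, auth_key: bytes) -> None:
        salt = os.urandom(16)
        self._wrapped = (salt, _xor(self._mek, _kek(auth_key, salt)),
                         hashlib.sha256(self._mek).digest())

    def power_cycle(self) -> None:
        # Pulling a drive cuts power; a registered key leaves only the wrapped MEK.
        if self._wrapped is not None:
            self._mek = None

    def unlock(self, auth_key: bytes) -> bool:
        if self._wrapped is not None:
            salt, wrapped, digest = self._wrapped
            mek = _xor(wrapped, _kek(auth_key, salt))
            if hmac.compare_digest(hashlib.sha256(mek).digest(), digest):
                self._mek = mek
        return self._mek is not None  # True when the drive is unlocked

    def _stream(self, lba: int, n: int) -> bytes:
        if self._mek is None:
            raise PermissionError("drive is locked")
        return hashlib.shake_256(self._mek + lba.to_bytes(8, "big")).digest(n)

    def write(self, lba: int, data: bytes) -> None:
        self._media[lba] = _xor(data, self._stream(lba, len(data)))
    def read(self, lba: int) -> bytes:
        return _xor(self._media[lba], self._stream(lba, len(self._media[lba])))

def readable_after_removal(drive: ModelSED) -> bool:
    """Write a block, pull the drive, then read it with no authentication key."""
    drive.write(0, b"constructed record")
    drive.power_cycle()
    try:
        return drive.read(0) == b"constructed record"
    except PermissionError:
        return False
```

In this model a drive with no key registered returns its data after removal, while a drive with a registered key stays locked until `unlock` is called with the same key.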

[Figure 38 labels: Self-encrypting drives; Non-self-encrypting drives; "Setting encryption when adding new drives is not required."]

FUJITSU Storage ETERNUS AF250 S2, ETERNUS AF250 All-Flash Arrays Design Guide (Basic)
Copyright 2019 FUJITSU LIMITED
P3AG-1822-09ENZ0
