Figure 40 Key Management Server Linkage - Fujitsu ETERNUS AF250 Design Manual

All-flash arrays

Hide thumbs Also See for ETERNUS AF250:

Setup manual (12 pages)

User manual (423 pages)

Configuration manual (171 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

page of 171

/ 171
Contents
Table of Contents
Bookmarks

Table of Contents

Function

Data Encryption

Function

Key renewal (auto/manual)

Key compromise (*1)

Key backup

Target RAID groups

*1: The key becomes unavailable in the key server.

*2: The SED key group must be enabled after a pool or REC Disk Buffer is created, or after a pool capacity is

expanded.

An authentication key to access data of the RAID groups that are registered in a key group can be managed by

the key server.

RAID groups that use the same authentication key must be registered in the key group in advance.

Authentication for accessing the RAID groups that are registered in the key group is performed by acquiring the

key automatically from the key server when an ETERNUS AF is started.

As a key server for the key management server linkage, use a server that has the key management software

"ETERNUS SF KM" installed. IBM Security Key Lifecycle Manager can also be used as the key management soft-

ware.

Figure 40 Key Management Server Linkage

Business server

RAID group

Global hot spare

SEDs (RAID group) that are not registered in a key server are encrypted by using the authentication key (com-

mon key) that is stored in the ETERNUS AF.

A hot spare cannot be registered in a key group.

For Global Hot Spares, an authentication key can be specified according to the setting of the key group for the

RAID groups when a Global Hot Spare is configured as a secondary drive for the RAID groups that are registered

in the key group.

For Dedicated Hot Spares, an authentication key can be specified according to the setting of the key group for

the target RAID group when a Dedicated Hot Spare is registered.

SED authentication key

RAID groups (Standard, WSV, SDV), REC Disk Buffers, SDPs, TPPs, FTRPs, and

FTSPs (*2)

An ETERNUS AF uses the authentication key

that is stored in the key server in order to

unlock the encryption.

ETERNUS AF

RAID group

Key group

Common key

FUJITSU Storage ETERNUS AF250 S2, ETERNUS AF250 All-Flash Arrays Design Guide (Basic)

Key Management Server Linkage

Yes

Key server

Key group

Exclusive

authentication

key for a group

P3AG-1822-09ENZ0

Table of Contents

This manual is also suitable for:

Eternus af250 s2

Figure 40 Key Management Server Linkage - Fujitsu ETERNUS AF250 Design Manual

Figure 40 Key Management Server Linkage

Related Manuals for Fujitsu ETERNUS AF250

Related Content for Fujitsu ETERNUS AF250

This manual is also suitable for:

Table of Contents