Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Related Manuals for Digistor Citadel K Series
Summary of Contents for Digistor Citadel K Series
- Page 1 Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide...
- Page 2 Use of the full Citadel SSD product is subject to all of the terms and conditions of this User Manual and the above referenced License. ® DIGISTOR (collectively, the “Trademarks”) are trademarks owned by CDSG and are protected under trademark law. This User Manual does not grant any user of this document any right to use any of the Trademarks.
-
Page 3: Table Of Contents
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide Table of Contents 1. Introduction ..........................5 1.1. Safety Information ......................5 2. Drive Installation ........................6 2.1. M.2 SSDs (NVMe or SATA) ................... 6 2.2. 2.5-inch SATA SSD ....................... 7 3. - Page 4 Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.6.9. Export Configuration ..................38 5.6.10. Update Disclaimer ..................39 5.7. Logs ........................... 40 5.7.1. Activity Log ...................... 40 5.7.2. Login Log ......................41 5.7.3. Exception Log ....................42 5.7.4.
-
Page 5: Introduction
This User Manual will help you install mulitple Citadel K Series SSDs into your system, install the PBA soft- ware, and how to log in. It also includes instructions for using the PBA's Management Console, including managing users and user roles and configuring the PBA for smart card or password access. -
Page 6: Drive Installation
Remove the screw from the SSD slot you intend to use if there is one present. Insert your Citadel K Series SSD into an open M.2 slot in your computer. Be sure to align the notch(es) on the gold contacts of the SSD module with the notch(es) on the empty slot. -
Page 7: Inch Sata Ssd
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 2.2. 2.5-INCH SATA SSD Insert your Citadel K Series SSD into an open 2.5-inch drive bay in your computer (Figure 1). Then secure the Citadel SSD with four screws (Figure 2) or via the computer chassis' built-in tension clip. -
Page 8: Install The Pba Software
These instructions will show you how to create a bootable USB thumb drive, when to install your operating system or virtual machine during the PBA software installation process, how to activate the DIGISTOR Citadel SSD's PBA capability, as well as how to log in using the PBA software. -
Page 9: Configure Uefi/Bios Settings
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide You now have a bootable thumb drive. If you require more help, please contact Technical Support. See Product Support, page 3.3. CONFIGURE UEFI/BIOS SETTINGS You will need to properly configure your BIOS or UEFI in order to properly boot from the thumb drive. To do so, follow the instruction set below that's applicable to your situation. - Page 10 Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide If you have an option to allow OPAL hard drive SID authentication, be sure to enable it. Navigate to "System Configuration > SATA Operation" and change it to AHCI.
-
Page 11: Install An Operating System Or Virtual Environment
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 3.4. INSTALL AN OPERATING SYSTEM OR VIRTUAL ENVI- RONMENT Install any operating system (OS) or virtual machine (VM) at this time. If you need to turn on a Trusted Platform Module (TPM), Virtualization Support, or Trusted Execution, you can turn them on in the UEFI. - Page 12 Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide Use the following command syntax to install the PBA software on the primary SSD with a chained pre-boot authentication on the secondary SSDs. Please note that the following text is case sensitive: CipherDriveInstaller -d <primary SSD location>,<secondary SSD location A>,<secondary SSD...
-
Page 13: First Time Login
The Management Console allows you to manage users and settings for the PBA software. DIGISTOR also recommends using a proper, secure password and to not use the Adminis- trator account for everyday use. -
Page 14: Pre-Boot Authentication Interface
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5. PRE-BOOT AUTHENTICATION INTERFACE The PBA Interface consists of the Login Screen and the Management Console, which you can optionally choose to enter from the Login Screen instead of booting into your computer's operating system or virtual machine. -
Page 15: Logging In With A Smart Card
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.1.2. LOGGING IN WITH A SMART CARD Power the computer on. The computer will boot into the Citadel SSD's pre-boot authorization screen. Insert the smart card into the card reader. -
Page 16: Logging In With Two-Factor Authentication
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.1.3. LOGGING IN WITH TWO-FACTOR AUTHENTICATION When two-factor authentication (also called multi-factor authentication) is enabled, the user is required to use both the password and smart card login methods. -
Page 17: Logging Out
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide Click the Login button. You will now be logged in. WARNING If you've enabled this setting without having an account set up with both a password and smart card, you will be unable to log in or access the Settings Console. You will need to use the Administrator Backdoor method to log in or access Settings Console. -
Page 18: User
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide NOTE Admin and Security Officer accounts can view the successful and failed attempts of all users. 5.4. USER The "User" screen allows you to add a new user account, delete an account, or modify an existing account. -
Page 19: Add A User
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.4.2. ADD A USER ADD A PASSWORD USER On the "User" screen, click the Add button. Make sure the Password tab is selected. Enter a unique username for the user account in the Username field. -
Page 20: Add A Smart Card User
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide A new window will pop up. Enter your password in the appropriate field and click Continue to verify that you have registered the credentials correctly. The user account is now ready for use. -
Page 21: Add A Two-Factor User
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide Re-enter the PIN into the Confirm PIN field. Select the user role from the Assign Role drop-down box. Enter the email address to be associated with the user account in the Email field. -
Page 22: Bulk Import Users
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide • If a password will be your primary authentication, follow the instructions for adding a Password user. See Add a Password User, page • If a smart card will be your primary authentication, follow the instructions for adding a Smart Card user. -
Page 23: How To Create A Bulk User Import File
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide NOTE Sometimes the "Open" dialog box will display the root of the computer system instead of the contents of the thumb drive. If this happens to you, open the /mnt folder and then open the folder inside corresponding to the thumb drive to find its contents. -
Page 24: Edit A User
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.4.3. EDIT A USER EDIT A PASSWORD USER On the "User" screen, locate the user account you wish to edit and then click the Edit button next to it. -
Page 25: Edit A Smart Card User
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide EDIT A SMART CARD USER On the "User" screen, locate the user account you wish to edit and then click the Edit button next to it. If you are a Login User you can only edit your own account. -
Page 26: Settings
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.5. SETTINGS 5.5.1. CONFIGURATION The "Configuration" page allows you to view and customize the following settings that determine how the Citadel SSD PBA behaves. When you are finished, click the Save button to save your changes. - Page 27 Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide • Password History: The number of previously used unique passwords that should be remembered by the system before a user can use the same password again. • Remember Me: Select Yes to enable usernames to be remembered in between sessions. Select No to disable this behavior.
-
Page 28: Maintenance
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide Check the Chainboot type 1 box to enable this setting. Once this option is enabled, the PBA will display the kernels available for chain-loading after you log in. Select the kernel and click OK. -
Page 29: Change Dek
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide The "Erase Disk" screen lets a Security Officer erase everything on the protected drive(s) and resets them to the factory default state without the Pre-Boot Authentication (PBA) software installed. This screen is only visible to users with the "Security Officer"... -
Page 30: Change Ak
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide NOTE This operation may also be called "SED Gen Key" or "Crypto-Erase" elsewhere. On the "Maintenance" > "Change DEK" screen, enter your password into the password field. Click the Change DEK button. -
Page 31: Generate A License Request
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide processing by a licensing agent on the network or by manually giving the file to an administrator who will process the file and send back a file with an activation key. -
Page 32: Upgrade License
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide UPGRADE LICENSE Using a computer, place the license file you saved from a previous installation or received from Technical Support onto a USB thumb drive formatted as FAT32. Insert the thumb drive into the computer with the Citadel SSD installed in it. -
Page 33: Via The Settings Console
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide VIA THE SETTINGS CONSOLE Go to digistor.com/citadel-downloads and download the latest version of the Citadel PBA software that you have a license for. Open the ZIP file containing the PBA software you downloaded from digistor.com/citadel-downloads... -
Page 34: Via Command Line
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide The Citadel SSD will now be upgraded. After the upgrade is complete, the computer will power off. VIA COMMAND LINE CREATE A BOOTABLE USB THUMB DRIVE Insert a USB thumb drive into your computer. - Page 35 Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide Continually press the key for accessing your motherboard's boot menu while the computer starts up. The key to access it differs on different models, but the most common keys are F2, F10, F12, or Esc.
-
Page 36: Temporarily Deactivate The Pba
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.6.7. TEMPORARILY DEACTIVATE THE PBA The Citadel SSD PBA software can be temporarily disabled by an authorized administrator to allow mainte- nance of the computer's OS. This may be necessary for OS updates that require multiple reboots, or when you need uninterrupted booting and reading from a USB thumb drive or CD. -
Page 37: Uninstall The Pba Software
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.6.8. UNINSTALL THE PBA SOFTWARE You can completely uninstall the Citadel SSD PBA software, which will completely remove all settings, users, and files from the SSD. WARNING DIGISTOR does not recommend performing this action unless a Technical Support agent directs you to do so. -
Page 38: Export Configuration
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.6.9. EXPORT CONFIGURATION The "Export Configuration" feature is used to deploy a large number of devices with the same configuration on all of them. The configuration file includes both users and settings and will be named "CDExportDB". -
Page 39: Update Disclaimer
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.6.10. UPDATE DISCLAIMER You can upload your own Disclaimer text using the Update Disclaimer Screen. This text displays on the first boot of a Citadel protected device, right before you enter the Login Screen. -
Page 40: Logs
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.7. LOGS 5.7.1. ACTIVITY LOG The "Activity Log" screen includes every log that exists in the Citadel SSD PBA software's database. To access the "Activity Log" screen, click on Logs on the left-hand menu and then click on Activity Log. -
Page 41: Login Log
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide • Failed to edit user • User deleted Maintenance Messages • Incorrect JSON data for import users 5.7.2. LOGIN LOG The "Login Log" screen includes successful and unsuccessful login and logout events of the Citadel SSD. -
Page 42: Exception Log
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.7.3. EXCEPTION LOG The "Exception Log" screen includes all failed actions. To access the "Exception Log" screen, click on Logs on the left-hand menu and then click on Exception Log. -
Page 43: Admin Log
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.7.4. ADMIN LOG The "Admin Log" screen includes all administator actions carried out by the administrator on their account. To access the "Admin Log" screen, click on Logs on the left-hand menu and then click on Admin Log. -
Page 44: Latest Log
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.7.5. LATEST LOG The "Latest Log" screen includes all logs generated for the current day. To access the "Admin Log" screen, click on Logs on the left-hand menu and then click on Latest Log. -
Page 45: Purge Log
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide Maintenance Messages • Incorrect JSON data for import users 5.7.6. PURGE LOG The "Purge Log" screen allows Security Officer users to delete logs by date range and/or username. Click on the Start Date text box. You'll be shown a pop-up calendar. Click on your desired start date for the date range you want to search within. -
Page 46: Log Filter
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.7.7. LOG FILTER You can sort and filter the display of logs by date and/or username with the log filter. This feature is available on all log screens except the "Purge Log" screen. -
Page 47: Disk Information
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 5.8. DISK INFORMATION The "Disk Information" screen shows a list of available disks installed on the computer and displays each one's device name, serial number, and protection status. -
Page 48: Other Features
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 6. OTHER FEATURES 6.1. DEAD MAN'S SWITCH OPERATION The Dead Man's Switch is used when a threatened user wants to destroy the disk authentication keys and make the protected drives' contents impossible to recover. For example, when user is threatened by a man with a gun and is pressured to login. -
Page 49: Deploy The Same Configuration Across Multiple Systems
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide Click the Next button. The Smart Card login screen will now appear. Skip selecting a username or entering your PIN. Instead, click the Login button. You will now be logged into the Management Console on the Administrator account. Now you can disable two-factor authentication if necessary by going to "Settings"... -
Page 50: Reset A Citadel Ssd
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide CAUTION If you have multiple drives, you must ensure you are using the correct Linux boot path for the replacement drive (examples: /nvme1, /sdb) for your Citadel SSD. To do so, type sedutil-cli --scan and press Enter. -
Page 51: Download The Pba Software
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 6.4.1. DOWNLOAD THE PBA SOFTWARE Visit digistor.com/citadel-downloads and choose the full installation of the PBA software that you have a license for. NOTE Do not download the Citadel Activation software. This software is used to activate brand new Citadel SSD's. -
Page 52: How To Boot Into The Thumb Drive
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide You now have a bootable thumb drive. If you require more help, please contact Technical Support. See Product Support, page 6.4.3. HOW TO BOOT INTO THE THUMB DRIVE Ensure that the computer is turned off. -
Page 53: Reactivate The Citadel Ssd
Product Support, page 60). 6.5. REACTIVATE THE CITADEL SSD If you have temporarily deactivated your Citadel K Series SSD, you can reactivate it by following these instructions. NOTE If you wish to temporarily deactivate the PBA software on the Citadel SSD and keep its... -
Page 54: How To Boot Into The Thumb Drive
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide Open the ZIP file containing the PBA software you downloaded from digistor.com/citadel-activation extract the folder inside to your computer's desktop. Navigate into the folder you extracted and copy the contents to the thumb drive, including any individual files as well as the “EFI”... - Page 55 Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide The software will activate the pre-boot authentication and will automatically shut down the computer when finished. Remove the USB thumb drive and reboot the system. The Citadel K Series SSD has been activated!
-
Page 56: Troubleshooting
7.1. HOW TO RECOVER YOUR PBA SOFTWARE LICENSE FILE If you had to wipe the Citadel K Series SSD, your PBA software will require reinstallation. However, before you can unlock the full functionality of the PBA software you must install the license file. -
Page 57: How To Replace A Bad Secondary Ssd
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 11. Send "CDO_Key.txt" to your DIGISTOR tech support along with an explanation of why you are request- ing recovery of your license file. They will return a copy of your permanent license file in 3-5 days that's keyed to your system configuration. -
Page 58: Create A Bootable Usb Thumb Drive
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide NOTE <new ssd location> refers to the drive path of the SSD that is replacing the bad SSD (Examples: /dev/nvme1, /dev/sda, /dev/sdb). <password> is the Administrator password and it is case-sensitive. <passphrase> is the passphrase you placed on your database when you exported it. - Page 59 Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide You now have a bootable thumb drive. If you require more help, please contact Technical Support. See Product Support, page...
-
Page 60: Product Support
Citadel K Series SSD User Manual and Multi-Drive Version Installation Guide 8. PRODUCT SUPPORT Your investment in DIGISTOR products is backed up by our free technical support for the lifetime of the product. Contact us through our website, digistor.com/support or call us at 1-408-796-5140.
Need help?
Do you have a question about the Citadel K Series and is the answer not in the manual?
Questions and answers