1. Manuals
  2. Brands
  3. Fujitsu Manuals
  4. Storage
  5. ETERNUS DX100 S4
  6. Design manual

Encryption With Self Encrypting Drive (Sed); Figure 36 Data Encryption With Self Encrypting Drives (Sed) - Fujitsu ETERNUS DX100 S4 Design Manual

Hybrid storage systems
Hide thumbs Also See for ETERNUS DX100 S4:
Table of Contents

Advertisement

2.
Basic Functions
Data Encryption

Encryption with Self Encrypting Drive (SED)

An SED has a built-in encryption function and data can be encrypted by controlling the encryption
function of an SED from the controller. An SED uses encryption keys when encrypting and storing
data. Encryption keys cannot be taken out of the drive. Furthermore, because SEDs cannot be de-
crypted without an authentication key, information cannot be leaked from drives which have been
replaced during maintenance, even if they are not physically destroyed.
Once an SED authentication key is registered to an ETERNUS DX, additional configuration on en-
cryption is not necessary each time a drive is added.
Data encryption by SED has no load on the controller for encryption process, and the equivalent
data access performance to unencrypted process can be ensured.

Figure 36 Data Encryption with Self Encrypting Drives (SED)

Access performance is the
same as when non-encrypted
drives are accessed.
ETERNUS DX
The controller performs authentication by using the authentication key that is stored in the control-
ler or by using the authentication key that is retrieved from the key server to access the drives. For
the authentication key that can be registered in the ETERNUS DX, this key can be automatically
created by using the settings in ETERNUS Web GUI or ETERNUS CLI.
By linking with the key server, the authentication key of an SED can be managed from the key serv-
er. Creating and storing an authentication key in a key server makes it possible to manage the au-
thentication key more securely.
By consolidating authentication keys for multiple ETERNUS DX storage systems in the key server,
the management cost of authentication keys can be reduced.
Key management server linkage can be used with an SED authentication key operation.
Only one unique SED authentication key can be registered in each ETERNUS DX.
The firmware data conversion encryption function cannot be used for volumes that are config-
ured with SEDs.
Register the SED authentication key (common key) before installing SEDs in the ETERNUS DX.
If an SED is installed without registering the SED authentication key, data leakage from the SED
is possible when it is physically removed.
Only one key can be registered in each ETERNUS DX. This common key is used for all of the
SEDs that are installed. Once the key is registered, the key cannot be changed or deleted. The
common key is used to authenticate RAID groups when key management server linkage is not
used.
Fujitsu Storage ETERNUS DX100 S4/DX200 S4, ETERNUS DX100 S3/DX200 S3 Hybrid Storage Systems Design Guide (Basic)
Setting encryption when
adding new drives is not
required.
Self-encrypting drives
Non-self-encrypting drives
65
Copyright 2023 Fujitsu Limited
P3AM-7642-32ENZ0
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Fujitsu ETERNUS DX100 S4

Related Content for Fujitsu ETERNUS DX100 S4

This manual is also suitable for:

Eternus dx200 s4Eternus dx100 s3Eternus dx200 s3

Table of Contents