3.1
Overview
Chapter 3
Full Disk Encryption
This chapter describes the Full Disk Encryption (FDE) feature and
consists of the following sections:
•
Section 3.1, "Overview"
•
Section 3.2, "Purpose"
•
Section 3.3, "Terminology"
•
Section 3.4, "Workflow"
The Full Disk Encryption feature offers the ability to encrypt data on
drives and use disk-based key management to provide data security.
This solution provides data protection in the event of theft or loss of
physical drives. With self-encrypting drives, if you remove a drive from its
storage system or the server it is housed in, the data on that drive is
encrypted and useless to anyone who attempts to access without the the
appropriate security authorization.
With the FDE feature, data is encrypted by the drives. You can designate
which data to encrypt at the individual virtual disk (VD) level.
Any encryption solution requires management of the encryption keys.
The security feature provides a way to manage these keys. Both the
WebBIOS Configuration Utility
Drive Definition
Screen") and MegaRAID Storage Manager
"Selecting Full Disk Encryption Security
you can use to manage the security settings for the drives.
MegaRAID SAS Software User Guide
(Section Figure 4.5, "WebBIOS Virtual
Options") offer procedures that
(Section 8.2,
3-1