Chapter 3
Basic Functions
3.4
Security
3.4.2
User Authentication
Internal Authentication and External Authentication are available as logon authentication methods.
Internal Authentication uses the user account information that is registered in the ETERNUS DX to perform
logon authentication.
External Authentication uses the user account information that is registered on the RADIUS server.
An authentication with a server certificate is performed when an https connection is used with SSL/TLS to
connect to ETERNUS Web GUI. Password authentication and client public key authentication are available
when SSH is used to connect to ETERNUS CLI.
3.4.3
Data Encryption
Encrypting data as it is being written to the drive prevents information leakage caused by fraudulent decod-
ing.
Even if a drive is removed and stolen by malicious third parties, data cannot be decoded.
This function only encrypts the data stored on the drives, so server access results in the transmission of plain
text.
Therefore, this function does not prevent data leakage from server access. It only prevents data leakage from
drives that are physically removed.
The following two types of data encryption are supported:
Self Encrypting Drive
•
The encryption function of a Self Encrypting Drive (SED) is used to encrypt data. The encryption method is
AES.
An SED uses an encryption key when encrypting and writing data. An encryption key cannot be extracted
from the encryption drive.
By linking with the key server, the authentication key of an SED can be managed from the key server. Cre-
ating and storing an authentication key in a key server makes it possible to manage the authentication
key more securely.
•
Firmware data encryption
Data is encrypted on a volume basis by the controllers (CMs) of the ETERNUS DX. Data is encrypted and
unencrypted in the cache memory when data is written or read.
AES (*1) or Fujitsu Original Encryption can be selected as the encryption method. The Fujitsu Original En-
cryption method uses a Fujitsu original algorithm that has been specifically created for ETERNUS DX stor-
age systems.
*1: AES (Advanced Encryption Standard: Federal Information Processing Standards) method
FUJITSU Storage ETERNUS DX500 S3/DX600 S3 Disk storage system Overview
Copyright 2015 FUJITSU LIMITED
41
P3AM-7702-14ENZ0