Physical Disk Security with Self Encrypting Disk

Self encrypting disk (SED) technology prevents unauthorized access to the data on a physical disk that is physically removed from the storage array. The storage array has a security key. Self encrypting disks provide access to data only through an array that has the correct security key.

The self encrypting disk or a security capable physical disk encrypts data during writes and decrypts data during reads. For more information, see the PowerVault Modular Disk Storage Manager online help topics.

You can create a secure disk group from security capable physical disks. When you create a secure disk group from security capable physical disks, the physical disks in that disk group become security enabled. When a security capable physical disk has been security enabled, the physical disk requires the correct security key from a RAID controller module to read or write the data. All of the physical disks and RAID controller modules in a storage array share the same security key. The shared security key provides read and write access to the physical disks, while the physical disk encryption key on each physical disk is used to encrypt the data. A security capable physical disk works like any other physical disk until it is security enabled.

Whenever the power is turned off and turned on again, all of the security- enabled physical disks change to a security locked state. In this state, the data is inaccessible until the correct security key is provided by a RAID controller module.

You can view the self encrypting disk status of any physical disk in the storage array from the Physical Disk Properties dialog. The status information reports whether the physical disk is:

Security Capable

Secure—Security enabled or disabled

Read/Write Accessible—Security locked or unlocked

You can view the self encrypting disk status of any disk group in the storage array. The status information reports whether the storage array is:

Security Capable

Secure

104

Configuration: Disk Groups and Virtual Disks

Page 104
Image 104
Dell MD3200, MD3220 owner manual Physical Disk Security with Self Encrypting Disk, 104