Configuration: Disk Groups and Virtual Disks 117
The pass phrase that you enter is masked.
NOTE: Create Key is active only if the pass phrase meets the above mentioned
criterion.
5
In
Confirm pass phrase
, re-enter the exact string that you entered in
Pass
phrase
.
Make a record of the pass phrase that you entered and the security key
identifier that is associated with the pass phrase. You need this
information for later secure operations.
6
Click
Create Key
.
7
Make a record of the security key identifier and the file name from the
Create Security Key Complete
dialog, and click
OK
.
After you have created a security key, you can create secure disk groups from
security capable physical disks. Creating a secure disk group makes the
physical disks in the disk group security-enabled. Security-enabled physical
disks enter Security Locked status whenever power is re-applied. They can be
unlocked only by a RAID controller module that supplies the correct key
during physical disk initialization. Otherwise, the physical disks remain
locked, and the data is inaccessible. The Security Locked status prevents any
unauthorized person from accessing data on a security-enabled physical disk
by physically removing the physical disk and installing the physical disk in
another computer or storage array.
Changing a Security Key
When you change a security key, a new security key is generated by the
system. The new key replaces the previous key. You cannot view or read the
key. However, a copy of the security key must be kept on some other storage
medium for backup in case of system failure or for transfer to another storage
array. A pass phrase that you provide encrypts and decrypts the security key
for storage on other media. When you change a security key, you also provide
information to create a security key identifier. Changing the security key does
not destroy any data. You can change the security key at any time.
Before you change the security key, ensure that:
• All virtual disks in the storage array are in Optimal status.
• In storage arrays with two RAID controller modules, both are present and
working normally.
book.book Page 117 Wednesday, May 26, 2010 2:14 PM