9.0About self-encrypting drives

Self-encrypting drives (SEDs) offer encryption and security services for the protection of stored data, commonly known as “protection of data at rest.” These drives are compliant with the Trusted Computing Group (TCG) Enterprise Storage Specifications as detailed in Section 3.2.

The Trusted Computing Group (TCG) is an organization sponsored and operated by companies in the computer, storage and digital communications industry. Seagate’s SED models comply with the standards published by the TCG.

To use the security features in the drive, the host must be capable of constructing and issuing the following two SCSI commands:

Security Protocol Out

Security Protocol In

These commands are used to convey the TCG protocol to and from the drive in their command payloads.

9.1Data encryption

Encrypting drives use one inline encryption engine for each port, employing AES-128 data encryption in Cipher Block Chaining (CBC) mode to encrypt all data prior to being written on the media and to decrypt all data as it is read from the media. The encryption engines are always in operation, cannot be disabled, and do not detract in any way from the performance of the drive.

The 32-byte Data Encryption Key (DEK) is a random number which is generated by the drive, never leaves the drive, and is inaccessible to the host system. The DEK is itself encrypted when it is stored on the media and when it is in volatile temporary storage (DRAM) external to the encryption engine. A unique data encryption key is used for each of the drive's possible16 data bands (see Section 9.5).

9.2Controlled access

The drive has two security partitions (SPs) called the "Admin SP" and the "Locking SP." These act as gatekeepers to the drive security services. Security-related commands will not be accepted unless they also supply the correct credentials to prove the requester is authorized to perform the command.

9.2.1Admin SP

The Admin SP allows the drive's owner to enable or disable firmware download operations (see Section 9.4). Access to the Admin SP is available using the SID (Secure ID) password or the MSID (Makers Secure ID) password.

9.2.2Locking SP

The Locking SP controls read/write access to the media and the cryptographic erase feature. Access to the Locking SP is available using the BandMasterX or EraseMaster passwords. Since the drive owner can define up to 16 data bands on the drive, each data band has its own password called BandMasterX where X is the number of the data band (0 through 15).

Constellation ES.2 SAS Product Manual, Rev. D

35

Page 42 Page 44
Page 43
Image 43
Seagate ST33000650SS, ST33000652SS About self-encrypting drives, Data encryption, Controlled access, Admin SP, Locking SP
Page 42 Page 44

ST33000652SS, ST33000650SS, ST33000651SS specifications

The Seagate ST33000651SS, ST33000650SS, and ST33000652SS are high-performance enterprise hard drives designed for demanding storage applications. These models are part of the Seagate Constellation ES series, known for their reliability and performance in server and data center environments.

One of the most notable features of these drives is their capacity. The ST33000651SS and ST33000650SS offer a storage capacity of 3TB, providing ample space for data-intensive applications. The ST33000652SS enhances this with a larger storage option, ensuring that organizations can meet growing data demands without needing frequent upgrades.

These drives utilize a SATA 6Gb/s interface, which allows for high-speed data transfer. This increased bandwidth is essential for applications that rely on rapid access, such as virtualization, cloud computing, and database management systems. Additionally, the drives support Native Command Queuing (NCQ), which enhances performance by optimizing the order in which read and write commands are executed.

Reliability is paramount in enterprise environments, and Seagate addresses this with several technologies designed to minimize downtime. The ST33000651SS and its counterparts feature a 7200 RPM spindle speed, which not only delivers fast access times but also contributes to the overall durability of the drives. They also come with advanced error correction and data integrity features, which safeguard against data loss.

Another important characteristic of these drives is their low power consumption. Operating at an average power usage of 6.0W, they help reduce operational costs, particularly in large-scale deployments. This energy efficiency is essential for organizations looking to maintain sustainability while maximizing performance.

In terms of physical design, these hard drives are built to endure tough conditions typically found in data centers. They come in a standard 3.5-inch form factor, ensuring compatibility with a wide range of servers and storage enclosures. The robust design further enhances their lifespan, making them a sound investment for enterprise storage solutions.

In summary, the Seagate ST33000651SS, ST33000650SS, and ST33000652SS hard drives offer a compelling combination of high capacity, fast data transfer rates, and reliability. Their advanced technologies and energy-efficient design make them ideal choices for enterprises that require dependable and high-performing storage solutions in their IT infrastructure.
Top Page Image Contents