110 Configuration: Disk Groups and Virtual Disks
Physical Disk Security With Self Encrypting Disk
Self encrypting disk (SED) technology prevents unauthorized access to the
data on a physical disk that is physically removed from the storage array. The
storage array has a security key. Self encrypting disks provide access to data
only through an array that has the correct security key.
The self encrypting disk or a security capable physical disk encrypts data
during writes and decrypts data during reads. For more information, see the
PowerVault Modular Disk Storage Manager online help topics.
You can create a secure disk group from security capable physical disks. When
you create a secure disk group from security capable physical disks, the
physical disks in that disk group become security enabled. When a security
capable physical disk has been security enabled, the physical disk requires the
correct security key from a RAID controller module to read or write the data.
All of the physical disks and RAID controller modules in a storage array share
the same security key. The shared security key provides read and write access
to the physical disks, while the physical disk encryption key on each physical
disk is used to encrypt the data. A security capable physical disk works like any
other physical disk until it is security enabled.
Whenever the power is turned off and turned on again, all of the security-enabled
physical disks change to a security locked state. In this state, the data is
inaccessible until the correct security key is provided by a RAID
controller module.
You can view the self encrypting disk status of any physical disk in the storage
array from the Physical Disk Properties dialog. The status information
reports whether the physical disk is:
• Security Capable
• Secure—Security enabled or disabled
• Read/Write Accessible—Security locked or unlocked
You can view the self encrypting disk status of any disk group in the storage
array. The status information reports whether the storage array is:
• Security Capable
•Secure
book.book Page 110 Wednesday, June 8, 2011 5:01 PM