Chapter 15. Disk Security with Full Disk Encryption drives
455
Draft Document for Review March 28, 2011 12:24 pm
7914FDE.fm
appear. See Figure 15-9 on page 459 The description of the warning will include suggestions
about how the password can be made stronger.
The security key and the security key identifier are encrypted using a different password or
pass phrase when the key is created or changed (see 15.3.2, “Secure key creation” on
page 458 and 15.4.1, “Changing the security key” on page 466). The array then returns a file
that is called a
blob
, or key backup. If the array needs that key later, you give the blob and
pass phrase to the GUI, which sends it down to the array where the original key is decrypted.
The user-specified alphanumeric character string is not stored anywhere on the DS3500 or in
the security key backup file.
15.3 Setting up and enabling a secure disk
This section shows a step-by-step process to create a key and file on the IBM Disk Encryption
Storage Manager of the DS3500. It will then show how to enable a previously configured
array that has FDE drives. The following Figure 15-4 shows a system without FDE enabled
Figure 15-4 System without FDE enabled
15.3.1 FDE and premium feature check
There are a number of checks to make prior to key creation. First, you must check that the
premium feature key has been applied to the system. To do this task, from the Storage
Manager window, select Storage Subsystem
Premium Features.
Figure 15-5 on page 456 shows that the Drive Security premium feature key has been
obtained and successfully installed. This premium feature key is installed the same as any
Summary of Contents for DS3500
Page 2: ......
Page 5: ...iii Draft Document for Review March 28 2011 12 24 pm 7914edno fm ...
Page 789: ......