22
Installing the enclosures
The procedures for using the FDE feature, such as securing the system, viewing disk FDE status, and
clearing and importing keys are performed using the web-based SMC application or CLI commands (see
the Storage Manager Guide or the CLI Reference Guide for more information).
NOTE:
When moving FDE-capable disk drive modules for a disk group, stop I/O to any disk groups
before removing the disk drive modules. Follow the “Removing a disk drive module” and “Installing a disk
drive module” procedures within the CRU Installation and Replacement Guide. Import the keys for the disks
so that the disk content becomes available.
While replacing or installing FDE-capable disk drive modules, consider the following:
•
If you are installing FDE-capable disk drive modules that do not have keys into a secure system, the
system will automatically secure the disks after installation. Your system will associate its existing key
with the disks, and you can transparently use the newly-secured disks.
•
If the FDE-capable disk drive modules originate from another secure system, and contain that system’s
key, the new disks will have the Secure, Locked status. The data will be unavailable until you enter the
passphrase for the other system to import its key. Your system will then recognize the metadata of the
disk groups and incorporate it. The disks will have the status of Secure, Unlocked and their contents will
be available:
• To view the FDE status of disks, use the SMC or the
show fde-state
CLI command.
• To import a key and incorporate the foreign disks, use the SMC or the
set fde-import-key
CLI
command.
NOTE:
If the FDE-capable disks contain multiple keys, you will need to perform the key importing
process for each key to make the content associated with each key become available.
•
If you do not want to retain the disks’ data, you can repurpose the disks. Repurposing disks deletes all
disk data, including lock keys, and associates the current system’s lock key with the disks.
To repurpose disks, use the SMC or the
set disk
CLI command.
•
You need not secure your system to use FDE-capable disks. If you install all FDE-capable disks into a
system that is not secure, they will function exactly like disks that do not support FDE. As such, the data
they contain will not be encrypted. If you decide later that you want to secure the system, all of the disks
must be FDE-capable.
•
If you install a disk module that does not support FDE into a secure system, the disk will have the
Unusable status and will be unavailable for use.
•
If you are re-installing your FDE-capable disk drive modules as part of the process to replace the
chassis-and-midplane CRU, you must insert the original disks and re-enter their FDE passprhase (see the
CRU Installation and Replacement Guide
for more information).
Connecting the controller enclosure and drive enclosures
Lenovo Storage S3200/S2200 controller enclosures support these maximum configurations:
•
S3200 enclosures—available in 24-drive (2.5") or 12-drive (3.5") chassis—support up to eight
enclosures (including the controller enclosure), or a maximum of 192 disk drives.
•
S2200 enclosures—available in 24-drive (2.5") or 12-drive (3.5") chassis—support up to four
enclosures (including the controller enclosure), or a maximum of 96 disk drives.
The S3200/S2200 enclosures support both
straight-through
and
reverse
SAS cabling. Reverse cabling
allows any drive enclosure to fail—or be removed—while maintaining access to other enclosures. Fault
tolerance and performance requirements determine whether to optimize the configuration for high
availability or high performance when cabling. The S3200/S2200 controller modules support both
3-Gbps and 6-Gbps internal disk drive speeds together with 3-Gbps and 6-Gbps expander link speeds.