Creating a Security Key

When you create a security key, it is generated by the controller firmware. The security key is stored in the of the controllers. You cannot see it directly. A copy of the security key must be kept on some other storage medium for backup in case of controller failure or for transfer to another storage subsystem. A that you provide is used to encrypt and decrypt the security key for storage on other media. Software also might use the pass phrase in the key generation process, depending on your storage subsystem hardware.

When you create a security key, you also provide information to create a security key identifier. Unlike the security key, the security key identifier is designed to be human-readable. The security key identifier also is stored on a disk drive or transportable media. The security key identifier is used to identify which key a controller is using when more than one security key is present in a storage subsystem. Normally all of the controllers and disk drives in a storage subsystem share the same security key when the FDE premium feature is used.

  1. To create a security key for the storage subsystem, select Storage Subsystem >> Disk Drive Security >> Create Security Key .
    The Create Security Key dialog appears.
  2. Enter a string that becomes part of the secure key identifier.You can leave the field blank or enter up to 189 alphanumeric characters without white space, punctuation, or symbols. Additional characters will be generated automatically and appended to the end of the string that you enter. The generated characters help to ensure that the secure key identifier is unique.
  3. In the Pass phrase text box, enter a string for the pass phrase.Keep these guidelines in mind when you create the pass phrase: The characters that you enter will not be readable in the Pass phrase text box.
  4. In the Confirm pass phrase text box, re-enter the exact string that you entered in the Pass phrase text box.
  5. Make a record of the pass phrase that you entered and the security key identifier that is associated with the pass phrase. You will need this information for later secure operations.
  6. Click Submit.
  7. Did the Save Security Key File dialog appear?
  8. Do you want to save the security key file?
  9. Read the information in the Confirm Cancel Operation dialog, and perform one of these actions:
  10. Make a record of the security key identifier and the file name from the Save Security Key Complete dialog, and click OK.

    After you have created a security key, you can create secure arrays from security capable disk drives. Creating a secure array makes the disk drives in the array . Security-enabled disk drives enter Security Locked status whenever power is re-applied. They can be unlocked only by a controller that supplies the correct key during disk drive initialization. Otherwise, the disk drives remain locked, and the data is inaccessible. The Security Locked status prevents any unauthorized person from accessing data on a security-enabled disk drive by physically removing the disk drive and installing the disk drive in another computer or storage subsystem.

Related Links: