When you create a security key, it is generated by the controller firmware. The security key is stored in the of the controllers. You cannot see it directly. A copy of the security key must be kept on some other storage medium for
backup in case of controller failure or for transfer to another storage subsystem. A that you provide is used to encrypt and decrypt the security key for storage on other media. Software also might use the
pass phrase in the key generation process, depending on your storage subsystem hardware.
When you create a security key, you also provide information to create a security key identifier. Unlike the security key,
the security key identifier is designed to be human-readable. The security key identifier also is stored on a disk drive or
transportable media. The security key identifier is used to identify which key a controller is using when more than one security
key is present in a storage subsystem. Normally all of the controllers and disk drives in a storage subsystem share the same
security key when the FDE premium feature is used.
To create a security key for the storage subsystem, select Storage Subsystem >> Disk Drive Security >> Create Security Key.
The Create Security Key dialog appears.
Enter a string that becomes part of the secure key identifier.You can leave the field blank or enter up to 189 alphanumeric
characters without white space, punctuation, or symbols. Additional characters will be generated automatically and appended
to the end of the string that you enter. The generated characters help to ensure that the secure key identifier is unique.
In the Pass phrase text box, enter a string for the pass phrase.Keep these guidelines in mind when you create the pass phrase:
The pass phrase must be between eight and 32 characters long.
The pass phrase must contain at least one uppercase letter.
The pass phrase must contain at least one lowercase letter.
The pass phrase must contain at least one number.
The pass phrase must contain at least one non-alphanumeric character, for example, < > @ +.
The characters that you enter will not be readable in the Pass phrase text box.
In the Confirm pass phrase text box, re-enter the exact string that you entered in the Pass phrase text box.
Make a record of the pass phrase that you entered and the security key identifier that is associated with the pass phrase.
You will need this information for later secure operations.
Click Submit.
Did the Save Security Key File dialog appear?
Yes – There are no errors in the strings that you entered. Go to step 8.
No – There are errors in the strings that you entered. The Invalid Text Entry dialog appears. Read the error message in the dialog, and click OK to return to step 2.
Do you want to save the security key file?
Yes – Choose the folder where you want to save the file, enter the file name, and click Save. The Save Security Key Complete dialog appears. Go to step 10.
No – Click Cancel. The Confirm Cancel Operation dialog appears. Go to step 9·
Read the information in the Confirm Cancel Operation dialog, and perform one of these actions:
You do not want to save the security key file – Click Yes. The security key that you created will remain in the controllers, but you will not have access to it through a security
key file for later security operations. You will need to repeat this entire procedure to create a security key before you
can enable security for any disk drives. Go to step 10.
You want to work with the Save Security Key File dialog – Click No to return to step 8.
Make a record of the security key identifier and the file name from the Save Security Key Complete dialog, and click OK.
After you have created a security key, you can create secure arrays from security capable disk drives. Creating a secure array
makes the disk drives in the array . Security-enabled disk drives enter Security Locked status whenever power is re-applied. They can be unlocked only by a controller
that supplies the correct key during disk drive initialization. Otherwise, the disk drives remain locked, and the data is
inaccessible. The Security Locked status prevents any unauthorized person from accessing data on a security-enabled disk drive
by physically removing the disk drive and installing the disk drive in another computer or storage subsystem.