Administrator Guide
the Physical Disk type pane are security enabled, and none of the selected physical disk is part of a disk group, the Secure Erase option is
displayed in the Hardware menu.
The storage array password protects a storage array from potentially destructive operations by unauthorized users. The storage array
password is independent from self encrypting disk, and should not be confused with the pass phrase that is used to protect copies of a
security key. However, it is good practice to set a storage array password.
Creating a security key
When you create a security key, it is generated by and securely stored by the array. You cannot read or view the security key. A copy of
the security key must be kept on some other storage medium for backup in case of system failure or for transfer to another storage array.
A pass phrase that you provide is used to encrypt and decrypt the security key for storage on other media.
When you create a security key, you also provide information to create a security key identifier. Unlike the security key, you can read or
view the security key identifier. The security key identifier is also stored on a physical disk or transportable media. The security key
identifier is used to identify which key the storage array is using.
To create a security key:
1. In the AMW, from the menu bar, select Storage Array > Security > Physical Disk Security > Create Key.
2. Perform one of these actions:
• If the Create Security Key dialog is displayed, go to step 6.
• If the Storage Array Password Not Set or Storage Array Password Too Weak dialog is displayed, go to step 3.
3. Choose whether to set (or change) the storage array password at this time.
• Click Yes to set or change the storage array password. The Change Password dialog is displayed. Go to step 4.
• Click No to continue without setting or changing the storage array password. The Create Security Key dialog is displayed. Go to
step 6.
4. In New password, enter a string for the storage array password. If you are creating the storage array password for the first time,
leave Current password blank. Follow these guidelines for cryptographic strength when you create the storage array password:
• The password should be between eight and 30 characters long.
• The password should contain at least one uppercase letter.
• The password should contain at least one lowercase letter.
• The password should contain at least one number.
• The password should contain at least one non-alphanumeric character, for example, < > @ +.
5. In Confirm new password, re-enter the exact string that you entered in New password.
6. In Security key identifier, enter a string that becomes part of the secure key identifier.
You can enter up to 189 alphanumeric characters without spaces, punctuation, or symbols. Additional characters are generated
automatically and is appended to the end of the string that you enter. The generated characters help to ensure that the secure key
identifier is unique.
7. Enter a path and file name to save the security key file by doing one of the following:
• Edit the default path by adding a file name to the end of the path.
• Click Browse to navigate to the required folder, then add a file name to the end of the path.
8. In Pass phrase dialog box, enter a string for the pass phrase.
The pass phrase must:
• be between eight and 32 characters long
• contain at least one uppercase letter
• contain at least one lowercase letter
• contain at least one number
• contain at least one non-alphanumeric character, for example, < > @ +
The pass phrase that you enter is masked.
NOTE: Create Key is active only if the pass phrase meets the preceding mentioned criterion.
9. In the Confirm pass phrase dialog box, re-enter the exact string that you entered in the Pass phrase dialog box.
Make a record of the pass phrase that you entered and the security key identifier that is associated with the pass phrase. You need
this information for later secure operations.
10. Click Create Key.
Disk groups, standard virtual disks, and thin virtual disks
69