Administrator Guide
11. If the Invalid Text Entry dialog is displayed, select:
• Yes — There are errors in the strings that were entered. The Invalid Text Entry dialog is displayed. Read the error message in
the dialog, and click OK. Go to step 6.
• No — There are no errors in the strings that were entered. Go to step 12.
12. Make a record of the security key identifier and the file name from the Create Security Key Complete dialog, and click OK.
After you have created a security key, you can create secure disk groups from security capable physical disks. Creating a secure disk
group makes the physical disks in the disk group security enabled. Security enabled physical disks enter Security Locked status whenever
power is re-applied. They can be unlocked only by a RAID controller module that supplies the correct key during physical disk initialization.
Otherwise, the physical disks remain locked, and the data is inaccessible. The Security Locked status prevents any unauthorized person
from accessing data on a security enabled physical disk by physically removing the physical disk and installing the physical disk in another
computer or storage array.
Changing security key
When you change a security key, a new security key is generated by the system. The new key replaces the previous key. You cannot view
or read the key. However, a copy of the security key must be kept on some other storage medium for backup in system failure or for
transfer to another storage array. A pass phrase that you provide encrypts and decrypts the security key for storage on other media.
When you change a security key, you also provide information to create a security key identifier. Changing the security key does not
destroy any data. You can change the security key at any time.
Before you change the security key, ensure that:
• All virtual disks in the storage array are in Optimal status.
• In storage arrays with two RAID controller modules, both are present and working normally.
To change the security key:
1. In the AMW menu bar, select Storage Array > Security > Physical Disk Security > Change Key.
The Confirm Change Security Key window is displayed.
2. Type yes in the text field, and click OK.
The Change Security Key window is displayed.
3. In Secure key identifier, enter a string that become part of the secure key identifier.
You may leave the text box blank, or enter up to 189 alphanumeric characters without white space, punctuation, or symbols. Additional
characters is generated automatically.
4. Edit the default path by adding a file name to the end of the path or click Browse, navigate to the required folder, and enter the name
of the file.
5. In Pass phrase, enter a string for the pass phrase.
The pass phrase must meet the following criteria:
• It must be between eight and 32 characters long.
• It must contain at least one uppercase letter.
• It must contain at least one lowercase letter.
• It must contain at least one number.
• It must contain at least one nonalphanumeric character—for example, < > @ +.
The pass phrase that you enter is masked.
6. In Confirm pass phrase, re-enter the exact string you entered in Pass phrase.
Make a record of the pass phrase you entered and the security key identifier it is associated with. You need this information for later
secure operations.
7. Click Change Key.
8. Make a record of the security key identifier and the file name from the Change Security Key Complete dialog, and click OK.
Saving a security key
You save an externally storable copy of the security key when the security key is first created and each time it is changed. You can create
additional storable copies at any time. To save a new copy of the security key, you must provide a pass phrase. The pass phrase you
choose does not need to match the pass phrase used when the security key was created or last changed. The pass phrase is applied to
the particular copy of the security key you are saving.
To save the security key for the storage array,
70
Disk groups, standard virtual disks, and thin virtual disks