Administrator Guide
1. In the AMW toolbar, select Storage Array > Security > Physical Disk Security > Save Key.
The Save Security Key File - Enter Pass Phrase window is displayed.
2. Edit the default path by adding a file name to the end of the path or click Browse, navigate to the required folder and enter the name
of the file.
3. In Pass phrase, enter a string for the pass phrase.
The pass phrase must meet the following criteria:
• It must be between eight and 32 characters long.
• It must contain at least one uppercase letter.
• It must contain at least one lowercase letter.
• It must contain at least one number.
• It must contain at least one non-alphanumeric character (for example, < > @ +).
The pass phrase that you enter is masked.
4. In Confirm pass phrase, re-enter the exact string you entered in Pass phrase.
Make a record of the pass phrase you entered. You need it for later secure operations.
5. Click Save.
6. Make a record of the security key identifier and the file name from the Save Security Key Complete dialog, and click OK.
Validate security key
A file in which a security key is stored is validated through the Validate Security Key dialog. To transfer, archive, or back up the security
key, the RAID controller module firmware encrypts (or wraps) the security key and stores it in a file. You must provide a pass phrase and
identify the corresponding file to decrypt the file and recover the security key.
Data can be read from a security enabled physical disk only if a RAID controller module in the storage array provides the correct security
key. If security enabled physical disks are moved from one storage array to another, the appropriate security key must also be imported to
the new storage array. Otherwise, the data on the security enabled physical disks that were moved is inaccessible.
Unlocking secure physical disks
You can export a security enabled disk group to move the associated physical disks to a different storage array. After you install those
physical disks in the new storage array, you must unlock the physical disks before data can be read from or written to the physical disks.
To unlock the physical disks, you must supply the security key from the original storage array. The security key on the new storage array is
different and cannot unlock the physical disks.
You must supply the security key from a security key file that was saved on the original storage array. You must provide the pass phrase
that was used to encrypt the security key file to extract the security key from this file.
Erasing secure physical disks
In the AMW, when you select a security enabled physical disk that is not part of a disk group, the Secure Erase menu item is enabled on
the Physical Disk menu. You can use the secure erase procedure to re-provision a physical disk. You can use the Secure Erase option if you
want to remove all of the data on the physical disk and reset the physical disk security attributes.
CAUTION:
Possible loss of data access—The Secure Erase option removes all of the data that is currently on the
physical disk. This action cannot be undone.
Before you complete this option, make sure that the physical disk that you have selected is the correct physical disk. You cannot recover
any of the data that is currently on the physical disk.
After you complete the secure erase procedure, the physical disk is available for use in another disk group or in another storage array. See
help topics for more information about the secure erase procedure.
Configuring hot spare physical disks
Guidelines to configure host spare physical disks:
CAUTION:
If a hot spare physical disk does not have Optimal status, follow the Recovery Guru procedures to correct the
problem before you try to unassign the physical disk. You cannot assign a hot spare physical disk if it is in use—taking
over for a failed physical disk.
Disk groups, standard virtual disks, and thin virtual disks 71