Administrator Guide
NOTE: The FDE tabs are dynamic, and the Clear All FDE Keys option is not available on a secured system until the
current passphrase is entered in the Current Passphrase field. (If you do not have a passphrase, the Clear All FDE Keys
option is not displayed. If you have a passphrase but have not entered it, you can view but not access this option.) If
there is no passphrase, set one using the procedure in Setting the passphrase.
Clear lock keys
Perform the following steps to clear the lock keys:
1. In the System topic, select Action > Full Disk Encryption.
The Full Disk Encryption panel opens with the FDE General Configuration tab selected.
2. Enter the passphrase in the Current Passphrase field.
3. In the Secure System section, click the Secure button.
4. Click Clear.
A dialog box appears.
5. Perform one of the following:
• To clear the lock keys for the system, click OK.
• To cancel the request, click Cancel.
Securing the system
An FDE-capable system must be secured to enable FDE protection.
The FDE tabs are dynamic, and the Secure option is not available until the current passphrase is entered in the Current Passphrase field.
(If you do not have a passphrase, the Secure option is not displayed. If you have a passphrase but have not entered it, you can view but
not access this option.) If there is no passphrase, set one using the procedure in Setting the passphrase.
Perform the following steps to secure the system:
1. In the System topic, select Action > Full Disk Encryption.
The Full Disk Encryption panel opens with the FDE General Configuration tab selected.
2. Type the passphrase in the Current Passphrase field.
3. Click Secure.
A message displays confirming that the system is in a secure state.
Repurposing the system
You can repurpose a system to erase all data on the system and return its FDE state to unsecure.
CAUTION: Repurposing a system erases all disks in the system and restores the FDE state to unsecure.
Repurposing disks
You can repurpose a disk that is no longer part of a disk group.
Repurposing a disk resets the encryption key on the disk, deleting all data on the disk. After a disk is repurposed in a secured system, the
disk is secured using the system lock key ID and the new encryption key on the disk, making the disk usable to the system.
Repurposing a disk in an unsecured system removes all associated lock keys and makes that disk available to any system.
CAUTION: Repurposing a disk changes the encryption key on the disk and deletes all data on the disk. Repurpose a disk
only if you no longer need the data on the disk.
Setting import lock key IDs
You can set the passphrase associated with an import lock key to unlock FDE-secured disks that are inserted into the system from a
different secure system. If the correct passphrase is not entered, the system cannot access data on the disk.
After disks are imported into the system, they are associated with the system lock key ID, and data is no longer accessible
using the import lock key. This effectively transfers security to the local system passphrase.
Working in the System topic