Administrator Guide

About Self-Encrypting Drives (SED)
SEDs (self-encrypting drives) are disk drives that use an encryption key to secure the data stored on the disk. This encryption
protects the PS series array from data theft when a drive is removed from the array.
SED operates across all disks in an array at once. If one drive in a RAID set is removed from the array, a new set of encryption key
shares is generated automatically and shared among the remaining disks. If a second drive is removed from the same RAID set,
another set of encryption key shares is generated.
SED drives are congured at the factory. When the drives are installed into an array, the array automatically detects the new SED
drives and locks them. This process is automatic; the GUI has no user controls for SED.
All of the drives in an array, including spares, must be of the same type and model, and must be running PS Series rmware 6.0 or
higher. A SED drive installed into a mixed-disk conguration, or a conguration containing unencrypted drives, operates as an
unencrypted disk. Likewise, a pool consisting of all SED drives might replicate to a pool with only a few SED drives or no SED drives
at all.
NOTE: SED drives are identied in the GUI with a gold key icon.
How Key Shares Work
Each array has an overall shared encryption key that protects data on all of the disks in that array.
The shared encryption key is not stored in any one location on the array. Instead, the key is divided into portions called key shares.
The number of key shares generated corresponds to the number of drives in the array (except for spares or other drives not used by
the array). The key shares are distributed across all non-spare disks used in the RAID configuration. If your array has n non-spare
disks, you must have (n+1)/2 of the key shares to unlock the data on the disks. If you are missing one or more of the key shares, you
will not be able to recover the data.
You can back up the disk encryption key shares. Key shares are backed up in groups of three files. To unlock the array, you need to
supply two backup shares. Under normal operation, the keys are not necessary because the data is redundant; however, they might
be useful in the event that a disk needs to be sent to a data recovery service. Use the Maintenance tab to back up the disk
encryption key shares.
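A threshold scheme of the kind described above, as an added example that is not from the guide or from the array firmware: it uses Shamir's secret sharing as a stand-in, because the guide does not name the scheme the array uses. The function names, the 7-disk array and the rounding of (n+1)/2 for even n are assumptions.

```python
# Added illustration: Shamir secret sharing as a stand-in threshold scheme.
# The guide does not say which scheme the array firmware actually uses.
import secrets

PRIME = 2**521 - 1  # Mersenne prime, comfortably larger than a 256-bit key


def threshold(n):
    """Shares needed for n non-spare disks, per the guide's (n+1)/2.
    Integer division for even n is an assumption; the guide gives no rounding."""
    return (n + 1) // 2


def split(secret, n, k):
    """Split secret into n shares (x, y) such that any k of them recover it."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover(shares):
    """Lagrange interpolation at x = 0 over the supplied shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def demo(n=7):
    key = secrets.randbits(256)                  # constructed sample key
    k = threshold(n)                             # 4 of 7 non-spare disks
    shares = split(key, n, k)
    enough = recover(shares[:k]) == key          # k shares unlock the key
    too_few = recover(shares[:k - 1]) == key     # k-1 shares yield a wrong value
    backup = split(key, 3, threshold(3))         # three backup files, two needed
    two_of_three = recover([backup[0], backup[2]]) == key
    return k, enough, too_few, two_of_three
```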
How Self-Encryption Protects Data
To understand how SED protects your data, you should understand the types of threats to data that SED cannot protect against.
Each individual drive has its own secure PIN, which is local to that drive and not shared. If a drive fails, this PIN is needed to unlock
and recover the information on that drive. All drives also have the key shares. During normal operation, the data redundancy across
the array prevents individual drives from becoming single points of failure.
SED protects against data theft in the following circumstances:
• Loss or physical removal of fewer than half of the drives installed in an array (not counting the spares). This number includes
  drives that are removed for reuse elsewhere, as well as drives lost due to theft. The SED key remains secure and the disk
  encryption remains unbroken as long as more than half of the drives remain in the array.
• “Cold memory” attacks that attempt to extract data from system DRAM by powering down the array or removing the drive. SED
  immediately erases any data in DRAM when power is lost.
Because SED drives are configured and shipped from the factory, SED protects the entire drive immediately. You cannot
configure individual volumes for self-encryption.
CAUTION: You must have (n+1)/2 of the current key shares to unlock the array, if the array has n drives installed. If you
lose the keys, then the data on the drive will be irrevocably lost.
SED cannot protect against the following threats: