Administrator Guide

19 About Self-Encrypting Drives (SEDs) and AutoSED
A self-encrypting drive (SED) performs Advanced Encryption Standard (AES) encryption on all data stored within that drive. SED
hardware handles this encryption in real-time with no impact on performance. To protect your data, a SED will immediately lock itself
whenever it is removed from the array (or otherwise powers down). If the drive is lost or stolen, its contents are inaccessible without
the encryption key.
The Dell AutoSED feature provides the benefits of SED security with no effort on the part of the administrator. You do not need to
configure or set up drives, manage encryption, or install a Key Management Service (KMS). Everything is handled by AutoSED.
AutoSED operates at the level of the physical disk drives within an individual member. SEDs cannot be used to encrypt volumes, in
the sense of securing each iSCSI volume with its own key. SEDs also cannot provide security across members, so it is up to the
administrator to ensure that SED members and non-SED members are properly deployed.
Using AutoSED is effortless, but it is important to understand what protection AutoSED provides and what protection it does not
provide.
Central to the AutoSED security model is the concept of a SEDset. Similar to how RAID groups drives into a RAIDset for redundancy,
AutoSED groups drives into a SEDset for security. Each member of a group has one SEDset that spans all active drives in the
member. The SEDset cannot be unlocked unless it is sufficiently intact, which means that at least half of its drives are present.
Scenarios Covered by AutoSED
Loss of a drive — When a drive leaves the SEDset (whether by failure, removal, or otherwise), the drive immediately locks itself.
Its contents are inaccessible without the encryption key, which is owned by the SEDset. At the same time, the SEDset
immediately resecures itself to exclude the departed drive, preventing access to the key.
Loss of fewer than half the drives — When fewer than half the drives in the SEDset are removed, the SEDset remains intact and
resecures itself to exclude all the removed drives. The removed drives are locked, and have no access to the SEDset key.
Loss of other array components — The SEDset key resides wholly within the drives. The key cannot be found in the flash cards,
channel cards, midplane, chassis, or any other component, including the controllers and controller memory.
Scenarios Not Covered by AutoSED
Loss of the entire array — A SEDset is a self-contained apparatus, which is why the array can unlock itself with no external
assistance. A stolen array will continue to unlock itself, just as it did before it was stolen.
Loss of half the drives — Security might be compromised if half (or more) of the drives are removed at one time. These drives
can be combined into an intact SEDset of their own, which will automatically unlock itself.
Insider attack — Any person who possesses the administrator password can access any volume on the array, or change ACLs to
allow others to do the same. Similarly, a compromised host can access volumes that the host is authorized to access. SED is
irrelevant in these cases.
Data in ight — SEDs provide no protection for data in ight on the network. IPsec should be used to provide secure
connections to the array.
Tampering with array hardware — AutoSED is not resistant to modified firmware, hardware probes and other snooping devices,
or the removal of a drive without loss of power to that drive.
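
The half-of-the-drives threshold behind the covered and uncovered scenarios above can be modeled with Shamir secret sharing. This is an added illustration, not Dell code: the guide does not say how AutoSED protects the SEDset key, so the sharing scheme, the 16-drive member and every function name below are assumptions.

```python
# Added illustration (not Dell code): Shamir threshold sharing as an ASSUMED
# model of a SEDset. The guide does not describe AutoSED's real mechanism.
import secrets

P = 2**127 - 1  # prime modulus for the toy field

def threshold(n_drives):
    """'At least half of its drives are present' -> ceil(n / 2)."""
    return (n_drives + 1) // 2

def secure(key, drive_ids):
    """Give each drive one share; threshold(len(drive_ids)) shares recover key."""
    k = threshold(len(drive_ids))
    coeffs = [key] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {d: sum(c * pow(d, i, P) for i, c in enumerate(coeffs)) % P
            for d in drive_ids}

def unlock(shares, n_drives):
    """Recover the key from the drives present, or None if the set is not intact."""
    k = threshold(n_drives)
    if len(shares) < k:
        return None  # fewer than k points reveal nothing about the key
    pts = list(shares.items())[:k]
    key = 0
    for xj, yj in pts:  # Lagrange interpolation evaluated at x = 0
        num = den = 1
        for xm, _ in pts:
            if xm != xj:
                num = (num * -xm) % P
                den = (den * (xj - xm)) % P
        key = (key + yj * num * pow(den, -1, P)) % P
    return key

def resecure(key, remaining_ids):
    """Re-share with fresh coefficients so shares on departed drives go stale."""
    return secure(key, remaining_ids)

if __name__ == "__main__":
    ids = list(range(1, 17))  # constructed sample: one member with 16 drives
    key = secrets.randbelow(P)
    shares = secure(key, ids)
    for lost in (7, 8):  # fewer than half, then exactly half
        removed = {d: shares[d] for d in ids[:lost]}
        print(lost, "removed drives unlock on their own:",
              unlock(removed, 16) == key)
    fresh = resecure(key, ids[7:])  # the 9 remaining drives after losing 7
    print("resecured remainder unlocks:", unlock(fresh, 9) == key)
```

In this model the jump from 7 to 8 removed drives is the boundary the guide describes: the smaller set learns nothing, while the half-sized set reconstructs the key unaided.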