Administrator Guide

Hot spare operation
When a physical disk fails, the virtual disk automatically rebuilds using an available hot spare. When a replacement physical disk is installed,
data from the hot spare is copied back to the replacement physical disk. This function is called copy back. By default, the RAID controller
module automatically configures the number and type of hot spares based on the number and capacity of physical disks in your system.
A hot spare may have the following states:
A standby hot spare is a physical disk that has been assigned as a hot spare and is available to take over for any failed physical disk.
An in-use hot spare is a physical disk that has been assigned as a hot spare and is currently replacing a failed physical disk.
Hot spare physical disk protection
You can use a hot spare physical disk for additional data protection from physical disk failures that occur in a RAID Level 1 or RAID Level 5
disk group. If the hot spare physical disk is available when a physical disk fails, the RAID controller module uses consistency data to
reconstruct the data from the failed physical disk to the hot spare physical disk. When you have physically replaced the failed physical disk,
a copyback operation occurs from the hot spare physical disk to the replaced physical disk. If there are secure disk groups and security
capable disk groups in the storage array, the hot spare physical disk must match the security capability of the disk group. For example, a
non-security capable physical disk cannot be used as a hot spare for a secure disk group.
NOTE: For a security capable disk group, security capable hot spare physical disks are preferred. If security capable
physical disks are not available, non-security capable physical disks may be used as hot spare physical disks. To ensure
that the disk group is retained as security capable, the non-security capable hot spare physical disk must be replaced
with a security capable physical disk.
If you select a security capable physical disk as hot spare for a non-secure disk group, a dialog box is displayed indicating that a security
capable physical disk is being used as a hot spare for a non-secure disk group.
The availability of enclosure loss protection for a disk group depends on the location of the physical disks that comprise the disk group.
The enclosure loss protection might be lost because of a failed physical disk and location of the hot spare physical disk. To make sure that
enclosure loss protection is not affected, you must replace a failed physical disk to initiate the copyback process.
The virtual disk remains online and accessible while you are replacing the failed physical disk, because the hot spare physical disk is
automatically substituted for the failed physical disk.
Physical disk security
Physical Disk Security is a feature that prevents unauthorized access to the data on a physical disk that is physically removed from the
storage array. A security-capable physical disk encrypts data during writes and decrypts data during reads using a unique encryption key.
Security-capable physical disks can be either Self-Encrypting Disk (SED) or Federal Information Processing Standard (FIPS) physical disks.
To implement Physical Disk Security, perform the following steps:
1. Equip your storage array with security-capable physical disks—either SED physical disks or FIPS physical disks.
2. Create a security key that is used by the controller to provide read/write access to the physical disks.
3. Create a security-enabled disk pool or disk group.
NOTE: All SED physical disks supported on MD34xx/MD38xx are FIPS certified. For details, see the Supported physical disk
section in the Dell PowerVault MD Series Support Matrix at Dell.com/powervaultmanuals.
NOTE: When a disk pool or disk group is secured, the only way to remove security is to delete the disk pool or disk
group. Deleting the disk pool or disk group deletes all the data in the virtual disks that it contains.
Controllers in the storage array have a security key. Secure physical disks provide access to data only through a controller that has the
correct security key. When you create a secure disk pool or disk group from security-capable physical disks, the physical disks in that disk
pool or disk group become security enabled.
When a security-capable physical disk has been security enabled, the physical disk requires the correct security key from a controller to
read or write the data. All the physical disks and controllers in a storage array share a security key. Furthermore, if you have both SED
physical disks and FIPS physical disks, they also share a security key. The shared security key provides read and write access to the physical
disks, while the physical disk encryption key on each physical disk is used to encrypt the data. A security-capable physical disk works like
any other physical disk until it is security enabled.
Whenever the power is turned off and turned on again, all the security-enabled physical disks change to a security locked state. In this
state, the data is inaccessible until the correct security key is provided by a controller.
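The relationship between the shared security key, the per-disk encryption key, and the security locked state, as an added example (not code from Dell or from this guide). It is a simplified Python model: SecureDisk and removed_disk_demo are hypothetical names, the security keys are constructed random values, and XOR stands in for the drive's hardware cipher.

```python
import hashlib
import hmac
import os


class SecureDisk:
    """Toy model of a security-capable physical disk (constructed, not Dell code)."""

    def __init__(self):
        self._dek = os.urandom(32)  # per-disk encryption key; never leaves the disk
        self._key_digest = None     # set when the disk becomes security enabled
        self.locked = False
        self._media = {}            # lba -> ciphertext

    def enable_security(self, security_key):
        self._key_digest = hashlib.sha256(security_key).digest()

    def power_cycle(self):
        # Only security-enabled disks come back in the security locked state.
        self.locked = self._key_digest is not None

    def unlock(self, security_key):
        offered = hashlib.sha256(security_key).digest()
        ok = self._key_digest is None or hmac.compare_digest(offered, self._key_digest)
        self.locked = self.locked and not ok
        return ok

    def _crypt(self, data):
        # XOR stands in for the drive's hardware cipher; it is not real encryption.
        if self.locked:
            raise PermissionError("disk is security locked")
        return bytes(b ^ self._dek[i % 32] for i, b in enumerate(data))

    def write(self, lba, data):
        self._media[lba] = self._crypt(data)

    def read(self, lba):
        return self._crypt(self._media[lba])


def removed_disk_demo():
    """Disk secured by array A, pulled, then powered up behind array B's controller."""
    key_a, key_b = os.urandom(32), os.urandom(32)  # constructed security keys
    disk = SecureDisk()
    disk.enable_security(key_a)
    disk.write(0, b"payroll")
    disk.power_cycle()
    foreign_ok, still_locked = disk.unlock(key_b), disk.locked
    return foreign_ok, still_locked, disk.unlock(key_a), disk.read(0)
```

The demo returns (False, True, True, b"payroll"): the foreign controller's key leaves the disk locked, and only the original array's security key restores access to the data.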
Disk groups, standard virtual disks, and thin virtual disks