Administrator Guide

Technical support and resources
ID 483
3.4.1 iDRAC Credential Vault
The iDRAC service processor provides a secure storage memory that protects sensitive data such as iDRAC user credentials and the private keys for self-signed SSL certificates. The Credential Vault is another example of silicon-based security: the memory is encrypted with a unique, immutable root key that is programmed into each iDRAC chip at the time of manufacture. This protects against physical attacks in which the attacker unsolders the chip to read the data it holds.
3.4.2 Local Key Management (LKM)
Current PowerEdge servers allow users to secure SED drives connected to a PowerEdge RAID Controller (PERC) using Local Key Management.

LKM helps ensure that user data remains protected even when a drive is stolen. The SED must be locked with a separate key so that it does not decrypt user data unless that key is provided. This key is the Key Encryption Key (KEK). A user sets a key ID or passphrase on the PERC controller to which the SED is connected. The PERC controller generates a KEK from the passphrase and uses it to lock the SED. When the drive is powered on, it comes up as a locked SED. The drive encrypts and decrypts user data only when the KEK is provided to unlock it; the PERC provides the KEK to the drive to unlock it. If the drive is stolen, it comes up as "Locked" and the user data is protected. The scheme is termed Local because the passphrase and the KEK are stored locally on the PERC. The following diagram shows the LKM solution.
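The following is an added model of the LKM flow described above, written for this guide and not taken from Dell PERC or SED firmware. It assumes PBKDF2-HMAC-SHA256 for turning the controller passphrase into the KEK and uses a toy HMAC-based stream cipher and key wrap so that it runs with the Python standard library alone; a real SED uses AES for both. The point it shows is structural: the drive's media encryption key (MEK) only ever exists in the clear while the drive is unlocked, a power cycle leaves the drive "Locked", and a controller with a different passphrase derives a different KEK and cannot unlock it.

```python
import hashlib
import hmac
import secrets

# Constructed model of Local Key Management (added example, not PERC/SED code).
# Key sizes, PBKDF2 parameters and the HMAC-based wrap/stream cipher are
# assumptions chosen to keep the example dependency-free.

PBKDF2_ITERATIONS = 100_000   # assumed value; the real derivation is not documented here


def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """KEK derived from the controller passphrase (assumed PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERATIONS, dklen=32)


def _stream(key: bytes, label: bytes, n: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (stand-in for AES-XTS / AES key wrap)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(key: bytes, label: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _stream(key, label, len(data))))


class SelfEncryptingDrive:
    """All user data is encrypted under a MEK that never leaves the drive in the clear."""

    def __init__(self) -> None:
        self._mek = secrets.token_bytes(32)   # generated on the drive itself
        self._wrapped_mek = None              # MEK under the KEK, once locking is enabled
        self._wrap_tag = None
        self.locked = False
        self._blocks = {}                     # LBA -> ciphertext

    def write(self, lba: int, plaintext: bytes) -> None:
        if self.locked:
            raise PermissionError("drive is locked")
        self._blocks[lba] = _xor(self._mek, b"lba%d" % lba, plaintext)

    def read(self, lba: int) -> bytes:
        if self.locked:
            raise PermissionError("drive is locked")
        return _xor(self._mek, b"lba%d" % lba, self._blocks[lba])

    def enable_locking(self, kek: bytes) -> None:
        """The controller locks the SED: keep the MEK only in KEK-wrapped, authenticated form."""
        self._wrapped_mek = _xor(kek, b"wrap", self._mek)
        self._wrap_tag = hmac.new(kek, self._wrapped_mek, hashlib.sha256).digest()

    def power_cycle(self) -> str:
        """A locked SED comes up Locked: the clear MEK is gone until the KEK is presented."""
        if self._wrapped_mek is not None:
            self._mek = None
            self.locked = True
        return "Locked" if self.locked else "Unlocked"

    def unlock(self, kek: bytes) -> bool:
        """Unlock only if the presented KEK authenticates the wrapped MEK."""
        tag = hmac.new(kek, self._wrapped_mek, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._wrap_tag):
            return False                      # wrong KEK: user data stays unreadable
        self._mek = _xor(kek, b"wrap", self._wrapped_mek)
        self.locked = False
        return True


class PercController:
    """Holds the passphrase-derived KEK locally, which is what makes the scheme 'Local'."""

    def __init__(self, passphrase: str, salt: bytes) -> None:
        self._kek = derive_kek(passphrase, salt)

    def secure(self, drive: SelfEncryptingDrive) -> None:
        drive.enable_locking(self._kek)

    def unlock(self, drive: SelfEncryptingDrive) -> bool:
        return drive.unlock(self._kek)


def lkm_walkthrough() -> dict:
    """Lock a drive, power-cycle it, try a foreign controller, then the owning one."""
    salt = b"constructed-salt"                 # constructed; a real controller stores its own
    drive = SelfEncryptingDrive()
    drive.write(0, b"customer records")
    owner = PercController("correct horse battery staple", salt)
    owner.secure(drive)
    state_after_reboot = drive.power_cycle()   # models the drive being stolen and powered on
    try:
        drive.read(0)
        readable_while_locked = True
    except PermissionError:
        readable_while_locked = False
    other = PercController("some other passphrase", salt)   # a different PERC / passphrase
    return {
        "state_after_reboot": state_after_reboot,
        "readable_while_locked": readable_while_locked,
        "wrong_kek_unlocked": other.unlock(drive),
        "right_kek_unlocked": owner.unlock(drive),
        "data": drive.read(0),
    }
```

Running `lkm_walkthrough()` shows the drive reporting "Locked" after the power cycle, refusing reads while locked, rejecting the KEK derived from the other passphrase, and returning the original plaintext only after the owning controller presents its KEK. The authenticated wrap (tag check before unwrapping) is what stops a wrong KEK from silently producing garbage; the KEK never being written to the drive is what keeps a stolen drive unreadable on its own.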