White Papers
16 Dell PS Series Architecture: Self Encrypting Drive Management with PS Series Storage Arrays | TR1093
No. Every drive in the member has been securely erased. The data has been cryptographically destroyed.
Recovery is impossible.
What if the entire array is stolen?
Security is compromised. The array will unlock itself when it boots, as it did before it was stolen.
What if the grpadmin password is stolen?
Security is compromised. The adversary can simply connect to the array over the network and read the data.
Is it safe to discard or return a locked SED?
Yes. Any data that was written to the drive will be locked and inaccessible. When you return a drive to Dell,
the only information that remains readable are its operating statistics (S.M.A.R.T. data), the RAID type that
the drive was used in, and drive hardware error logs.
Can I add SEDs to a non-SED array, or vice versa?
No. Do not ever mix SEDs and non-SEDs in the same array. If mixed drives are detected while the array is
booting, the array will halt until the incorrect drives are removed. If mixed drives are detected while the array
is operating, the incorrect drives will be shown as unauthorized.
Does an SED system use RAID also?
Yes. Each drive in a SED-equipped array is managed by both AutoSED and RAID. The SEDset governs the
locking of data, and the RAIDset governs the data itself.
Does SED encrypt individual volumes?
No. SEDs cannot be used to encrypt individual volumes, in the sense of securing each iSCSI volume with its
own key. AutoSED operates at the level of the physical disk drives within an individual member.
If I create a new set of backup units, does this invalidate the previous set of backup units?
No. Generating a new set of backup units does not affect previously-created backup sets. To invalidate
previous backup sets, refer to the Safeguarding the key backup topic.