White Papers

17 Dell PS Series Architecture: Self Encrypting Drive Management with PS Series Storage Arrays | TR1093
C Key terms and glossary
Key terms
| Term | Definition and usage | Location and management | How it is generated |
|---|---|---|---|
| Media Encryption Key | Required to encrypt and decrypt data | Resides on & managed by the drive. It is never transferred from the drive. Every drive has its own unique encryption key. | Generated by the drive at the manufacturer, then regenerated at the customer site if used with the instant secure erase feature. |
| Access key | Needed to unlock a drive. Automatically provided to the drives by AutoSED, or manually using the backup units. | Resides on the drives in a hashed form, managed by AutoSED. | Created and managed automatically by PS Series AutoSED. |
C.1 Glossary
Data-at-rest: Data recorded on the storage media.
Data-in-motion: Data in transit between two nodes.
Data-in-use: Data being used by a person, an application or an operating system.
Instant secure erase: This feature also permanently changes the Media Encryption Key so the drive can be re-used or re-purposed. After instant secure erase is performed, the data previously written to the drive becomes unreadable. The data has been cryptographically erased.
Local key management: Management of the keys and key linkage between the storage array and the SEDs that it contains (as opposed to an external Key Management System).
Locked drive: An SED in which security has been enabled and which has been unexpectedly removed from the storage array or powered down. Data on the drive cannot be read or written until the appropriate Access Key is provided.
Re-purpose: Changes the drive from a secured state to an unsecured state so that it can be safely used for another purpose. This task is accomplished using the instant secure erase feature.
Security-capable drive: An SED that is capable of encryption. (However, the term alone may not reflect the drive's true status: security can be either enabled or disabled.)
Security-enabled drive: An SED on which security is enabled.
Unlocked: Data on a drive is accessible for all read and write operations.