Manualshelf

White Papers

ManualsBrandsDell ManualsConverged InfrastructureStorage Solution Resources
12345678910
8 Dell PS Series Architecture: Self Encrypting Drive Management with PS Series Storage Arrays | TR1093
2.2 Instant Secure Erase
Another security method available with SEDs is Instant Secure Erase (ISE). Alternative methods, such as
degaussing each drive or simply overwriting the data with zeros, are available to permanently erase this data.
However, these methods are often expensive, slow or do not provide complete data erasure.
Typically, whenever an SED populated array is reset to factory default condition, each drive in the array is
instructed to destroy the stored encrypted MEK, and then lock itself. At this point, a new randomly generated
MEK is created by and stored on the drive. Without the original MEK, there is no way to decode the already
encrypted data on the drive. Another common occurrence of ISE is when a failing drive is preemptively copied
to a spare drive and then removed from use (failed) by the PS Series firmware. After the copy-to-spare action
occurs, the failing drive undergoes an ISE so that it may be safely returned to the manufacturer under
warranty.
Instant Secure Erase Process
As shown in Figure 2, instant secure erase prompts the SED to permanently erase the current media
encryption key and replace it with a new key randomly generated within the drive. When the media encryption
key is changed, any data that has been written to the drive using the previous key cannot be decoded by the
new media encryption key, in so doing all of the data is rendered unusable. Data that was encrypted with the
previous media encryption key is therefore cryptographically destroyed.