Creating a security key – Dell PowerVault MD3820f User Manual
Page 94
• A security key is set up for the storage array.
NOTE: The Secure Physical Disks option is inactive if these conditions are not true.
The Secure Physical Disks option is inactive with a check mark to the left if the disk group is already
security enabled.
The Create a secure disk group option is displayed in the Create Disk Group Wizard–Disk Group Name
and Physical Disk Selection dialog. The Create a secure disk group option is active only when these
conditions are met:
• A security key is installed in the storage array.
• At least one security capable physical disk is installed in the storage array.
• All of the physical disks that you selected on the Hardware tab are security capable physical disks.
You can erase security enabled physical disks so that you can reuse the drives in another disk group or in
another storage array. When you erase security enabled physical disks, ensure that the data cannot be
read. When all of the physical disks that you have selected in the Physical Disk type pane are security
enabled, and none of the selected physical disks is part of a disk group, the Secure Erase option is
displayed in the Hardware menu.
The storage array password protects a storage array from potentially destructive operations by
unauthorized users. The storage array password is independent from self encrypting disk, and should not
be confused with the pass phrase that is used to protect copies of a security key. However, it is good
practice to set a storage array password.
Creating A Security Key
When you create a security key, it is generated by and securely stored by the array. You cannot read or
view the security key. A copy of the security key must be kept on some other storage medium for backup
in case of system failure or for transfer to another storage array. A pass phrase that you provide is used to
encrypt and decrypt the security key for storage on other media.
When you create a security key, you also provide information to create a security key identifier. Unlike the
security key, you can read or view the security key identifier. The security key identifier is also stored on a
physical disk or transportable media. The security key identifier is used to identify which key the storage
array is using.
To create a security key:
1.
In the AMW, from the menu bar, select Storage Array → Security → Physical Disk Security → Create
Key.
2. Perform one of these actions:
– If the Create Security Key dialog is displayed, go to step 6.
– If the Storage Array Password Not Set or Storage Array Password Too Weak dialog is displayed,
go to step 3.
3. Choose whether to set (or change) the storage array password at this time.
– Click Yes to set or change the storage array password. The Change Password dialog is displayed.
Go to step 4.
– Click No to continue without setting or changing the storage array password. The Create
Security Key dialog is displayed. Go to step 6.
94