When you create
a security key, it is generated by and securely stored by the array.
You cannot read or view the security key. A copy of the security key
must be kept on some other storage medium for backup in case of system
failure or for transfer to another storage array. A pass phrase that
you provide is used to encrypt and decrypt the security key for storage
on other media.
When you create a security key, you also provide
information to create a security key identifier. Unlike the security
key, you can read or view the security key identifier. The security
key identifier is also stored on a physical disk or transportable
media. The security key identifier is used to identify which key the
storage array is using.
To create a security key:
In the AMW, from the menu bar, select Storage Array > Security > Physical Disk Security > Create Key.
Perform one of these actions:
If the Create Security Key dialog is displayed,
go to step 6.
If the Storage Array Password Not Set or Storage Array Password Too Weak dialog is displayed,
go to step 3.
Choose whether to set (or change) the storage array password
at this time.
Click Yes to set or change the storage
array password. The Change Password dialog
is displayed. Go to step 4.
Click No to continue without setting or
changing the storage array password. The Create Security
Key dialog is displayed. Go to step 6.
In New password, enter a string
for the storage array password. If you are creating the storage array
password for the first time, leave Current password blank. Follow these guidelines for cryptographic strength when you
create the storage array password:
The password should be between eight and 30 characters long.
The password should contain at least one uppercase letter.
The password should contain at least one lowercase letter.
The password should contain at least one number.
The password should contain at least one non-alphanumeric character,
for example, < > @ +.
In Confirm new password, re-enter
the exact string that you entered in New password.
In Security key identifier, enter
a string that becomes part of the secure key identifier.
You can enter up to 189 alphanumeric characters without spaces,
punctuation, or symbols. Additional characters are generated automatically
and is appended to the end of the string that you enter. The generated
characters help to ensure that the secure key identifier is unique.
Enter a path and file name to save the security key file
by doing one of the following:
Edit the default path by adding a file name to the end of the
path.
Click Browse to navigate to the required
folder, then add a file name to the end of the path.
In Pass phrase dialog box, enter
a string for the pass phrase.
The pass phrase must:
be between eight and 32 characters long
contain at least one uppercase letter
contain at least one lowercase letter
contain at least one number
contain at least one non-alphanumeric character, for example,
< > @ +
The pass phrase that you enter is masked.
NOTE:Create Key is active only if the pass phrase meets the preceding mentioned criterion.
In the Confirm pass phrase dialog
box, re-enter the exact string that you entered in the Pass phrase dialog box.
Make a record of the pass phrase that you entered and the security
key identifier that is associated with the pass phrase. You need this
information for later secure operations.
Click Create Key.
If the Invalid Text Entry dialog
is displayed, select:
Yes — There are errors in the strings that
were entered. The Invalid Text Entry dialog
is displayed. Read the error message in the dialog, and click OK. Go to step 6.
No — There are no errors in the strings
that were entered. Go to step 12.
Make a record of the security key identifier and the file
name from the Create Security Key Complete dialog,
and click OK.
After you
have created a security key, you can create secure disk groups from
security capable physical disks. Creating a secure disk group makes
the physical disks in the disk group security enabled. Security enabled
physical disks enter Security Locked status whenever power is re-applied.
They can be unlocked only by a RAID controller module that supplies
the correct key during physical disk initialization. Otherwise, the
physical disks remain locked, and the data is inaccessible. The Security
Locked status prevents any unauthorized person from accessing data
on a security enabled physical disk by physically removing the physical
disk and installing the physical disk in another computer or storage
array.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\