Chapter 5 Basic Functions
5.2 Security
An authentication key that is used to access data in specific RAID groups can be set up in the key server.
RAID groups that use the same authentication key must be registered in the key server. Authentication for
access to the registered RAID groups is performed by acquiring the key from the key server when an ETERNUS
DX Disk storage system is started. Multiple RAID groups can be registered in a key group. Note that only one
key group can be created in each ETERNUS DX Disk storage system. Only one authentication key can be
specified for each key group.
The Key Management Interoperability Protocol (KMIP), which is a standard protocol for key management, is
used for key management server linkage. Note that ETERNUS SF KM is required when linking with the key
management server.
Figure 5.8 Key server
[Figure labels: Operation server, ETERNUS DX Disk storage system, RAID group, RAID group, Global HS]
• SEDs (RAID group) that are not registered in a key server are encrypted by using the authentication key
  (common key) that is stored in the ETERNUS DX Disk storage system.
• A hot spare cannot be registered in a key group.
  For Global Hot Spares, an authentication key can be specified according to the setting of the key group for
  the RAID groups when a Global Hot Spare is configured as a secondary drive for the RAID groups that are
  registered in the key group.
  For Dedicated Hot Spares, an authentication key can be specified according to the setting of the key
  group for the target RAID group when a Dedicated Hot Spare is registered.
• When using the key management server linkage function, the firmware version of the ETERNUS DX Disk
  storage system must be V10L46 or later. The firmware version can be checked via ETERNUS Web GUI or
  ETERNUS CLI. When upgrading firmware is required, contact your sales representative.
[Figure 5.8 callout: An ETERNUS DX Disk storage system uses the authentication key that is stored in the key server in order to unlock the encryption. Labels: RAID group, Key group, Common key]
ETERNUS DX80 S2/DX90 S2 Disk storage system Overview
Copyright 2013 FUJITSU LIMITED
[Figure 5.8 labels: Key server, Key group, Exclusive authentication key for a group]
P3AM-4812-11ENZ0