Firmware Data Encryption
The firmware in the ETERNUS DX has the firmware data encryption function. This function encrypts a volume
when it is created, or converts a created volume into an encrypted volume.
Because data encryption with firmware is performed with the controller in the ETERNUS DX, the performance is
degraded, comparing with unencrypted data access.
The encryption method can be selected from the world standard AES-128, the world standard AES-256, and the
Fujitsu Original Encryption method. The Fujitsu Original Encryption method that is based on AES technology uses
a Fujitsu original algorithm that has been specifically created for ETERNUS DX storage systems. The Fujitsu Origi-
nal Encryption method has practically the same security level as AES-128 and the conversion speed for the Fujit-
su Original Encryption method is faster than AES. Although AES-256 has a higher encryption strength than
AES-128, the Read/Write access performance degrades. If importance is placed upon the encryption strength,
AES-256 is recommended. However, if importance is placed upon performance or if a standard encryption meth-
od is not particularly required, the Fujitsu Original Encryption method is recommended.
Figure 40 Firmware Data Encryption
ETERNUS DX
Server A
Server B
Server C
Cannot be decoded
Encrypted
Encryption
setting for each LUN.
Unencrypted
Encryption is performed when data is written from the cache memory to the drive. When encrypted data is read,
the data is decrypted in the cache memory. Cache memory data is not encrypted.
For Standard volumes, SDVs, SDPVs, and WSVs, encryption is performed for each volume. For TPVs and FTVs, en-
cryption is performed for each pool.
2. Basic Functions
Data Encryption
68
FUJITSU Storage ETERNUS DX500 S4/DX600 S4, ETERNUS DX500 S3/DX600 S3 Hybrid Storage Systems Design Guide (Basic)
Copyright 2019 FUJITSU LIMITED
P3AM-7722-25ENZ0
Summary of Contents for ETERNUS DX500 S3/DX600 S3
Page 218: ......