Firmware Data Encryption
The firmware in the ETERNUS DX has the firmware data encryption function. This function encrypts a volume
when it is created, or converts a created volume into an encrypted volume.
Because data encryption with firmware is performed with the controller in the ETERNUS DX, the performance is
degraded, comparing with unencrypted data access.
The encryption method can be selected from the world standard AES-128, the world standard AES-256, and the
Fujitsu Original Encryption method. The Fujitsu Original Encryption method that is based on AES technology uses
a Fujitsu original algorithm that has been specifically created for ETERNUS DX storage systems. The Fujitsu
Original Encryption method has practically the same security level as AES-128 and the conversion speed for the
Fujitsu Original Encryption method is faster than AES. Although AES-256 has a higher encryption strength than
AES-128, the Read/Write access performance degrades. If importance is placed upon the encryption strength,
AES-256 is recommended. However, if importance is placed upon performance or if a standard encryption
method is not particularly required, the Fujitsu Original Encryption method is recommended.
Figure 36
Firmware Data Encryption
ETERNUS DX
Server A
Server B
Server C
Cannot be decoded
Encrypted
Encryption
setting for each LUN.
Unencrypted
Encryption is performed when data is written from the cache memory to the drive. When encrypted data is read,
the data is decrypted in the cache memory. Cache memory data is not encrypted.
For Standard volumes, SDVs, SDPVs, and WSVs, encryption is performed for each volume. For TPVs and FTVs,
encryption is performed for each pool.
Caution
•
Before the firmware data encryption function is used, the encryption mode of the ETERNUS DX must be
enabled (*1).
*1:
This means that the encryption mode is set to "Fujitsu Original Encryption" or "AES".
•
The encryption method for encrypted volumes cannot be changed. Encrypted volumes cannot be
changed to unencrypted volumes.
To change the encryption method or cancel the encryption for a volume, back up the data in the
encrypted volume, delete the encrypted volume, and restore the backed up data.
•
The encryption method of a firmware encrypted pool (TPP or FTRP) cannot be changed regardless of
whether the volume is registered to a pool.
•
It is recommended that the copy source volume and the copy destination volume use the same
encryption method for Remote Advanced Copy between encrypted volumes.
2. Basic Functions
Data Encryption
84
Design Guide
Содержание ETERNUS DX S5 Series
Страница 335: ......