Chapter 5. Expansion units
Requires DOT 8.1 minimum
Only allowed with HA (dual node) systems
Provides storage encryption capability (key manager interface)
5.5.2 SED overview
Storage Encryption is the implementation of full disk encryption (FDE) by using
self-encrypting drives from third-party vendors, such as Seagate and Hitachi. FDE refers to
encryption of all blocks in a disk drive, whether by software or hardware. NSE is encryption
that operates seamlessly with Data ONTAP features, such as storage efficiency. This is
possible because the encryption occurs below Data ONTAP as the data is being written to the
physical disk.
5.5.3 Threats mitigated by self-encryption
Self-encryption mitigates several threats. The primary threat model it addresses, per the
Trusted Computing Group (TCG) specification, is the prevention of unauthorized access to
encrypted data at rest on powered-off disk drives. That is, it prevents someone from removing
a shelf or drive and mounting them on an unauthorized system. This security minimizes risk
of unauthorized access to data if drives are stolen from a facility or compromised during
physical movement of the storage array between facilities.
Self-encryption also prevents unauthorized data access when drives are returned as spares
or after drive failure. This security includes cryptographic shredding of data for non-returnable
disk (NRD), disk repurposing scenarios, and simplified disposal of the drive through disk
destroy commands. These processes render a disk unusable. This greatly simplifies the
disposal of drives and eliminates the need for costly, time-consuming physical drive
shredding.
All data on the drives is automatically encrypted. If you do not want to track where the most
sensitive data is or risk it being outside an encrypted volume, use NSE to ensure that all data
is encrypted.
5.5.4 Effect of self-encryption on Data ONTAP features
Self-encryption operates below all Data ONTAP features, such as SnapDrive, SnapMirror,
and even compression and deduplication. Interoperability with these features should be
transparent. SnapVault and SnapMirror are supported, but for data at the destination to be
encrypted, the target must be another self-encrypted system.
SnapLock and self-encryption are mutually exclusive: the use of SnapLock prevents the
inclusion of self-encryption, so the two cannot operate simultaneously. This limitation is
being evaluated for a future release of Data ONTAP. MetroCluster is not supported because of
the lack of support for the SAS interface. Support for MetroCluster is targeted for a future
release of Data ONTAP.
5.5.5 Mixing drive types
In Data ONTAP 8.1, all drives that are installed within the storage platform must be
self-encrypting drives. The mixing of encrypted with unencrypted drives or shelves across a
stand-alone platform or high availability (HA) pair is not supported.
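The constraints in 5.5.4 and 5.5.5 can be checked against a drive inventory before self-encryption is deployed. The following is an added example, not code from this guide or from Data ONTAP; the `Drive` and `Platform` classes, their field names, and the sample inventory are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Drive:
    shelf: str
    bay: int
    self_encrypting: bool

@dataclass
class Platform:
    """Stand-alone platform or HA pair (hypothetical inventory model)."""
    name: str
    drives: list
    snaplock: bool = False
    metrocluster: bool = False
    replication_targets: list = field(default_factory=list)  # SnapMirror/SnapVault

def plain_drives(p):
    """Locations of drives that are not self-encrypting."""
    return [f"{d.shelf}/{d.bay}" for d in p.drives if not d.self_encrypting]

def check_self_encryption(p):
    """Return (severity, message) findings against sections 5.5.4 and 5.5.5."""
    findings = []
    plain = plain_drives(p)
    if plain:  # 5.5.5: every drive in the platform or HA pair must be an SED
        findings.append(("unsupported", f"{p.name}: non-SED drives {plain}"))
    if p.snaplock:  # 5.5.4: SnapLock and self-encryption cannot coexist
        findings.append(("unsupported", f"{p.name}: SnapLock in use"))
    if p.metrocluster:  # 5.5.4: MetroCluster is not supported
        findings.append(("unsupported", f"{p.name}: MetroCluster in use"))
    for target in p.replication_targets:
        # 5.5.4: destination data is encrypted only on a self-encrypted target
        if plain_drives(target):
            findings.append(("exposure", f"{target.name}: replica not encrypted"))
    return findings

# Constructed sample inventory
DEST = Platform("dr-site", [Drive("shelf1", 0, True), Drive("shelf1", 1, False)])
PROD = Platform("prod-ha", [Drive("shelf0", b, True) for b in range(4)],
                replication_targets=[DEST])
MIXED = Platform("lab", [Drive("shelf0", 0, True), Drive("shelf2", 3, False)],
                 snaplock=True)

if __name__ == "__main__":
    for plat in (PROD, MIXED):
        for severity, message in check_self_encryption(plat):
            print(severity, message)
```

An "exposure" finding is a supported configuration in which replicated data is stored unencrypted at the destination; an "unsupported" finding is a configuration this section rules out.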