ASRock X99 Extreme11 LSI Mega RAID Storage Manager Guide - Page 137
Enabling Drive Security Using EKM
View all ASRock X99 Extreme11 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 137 highlights
This section describes how to enable, change, and disable drive security, and how to import a foreign configuration using the SafeStore Encryption Services advanced software. The SafeStore Encryption Services advanced software provides drive security to create secure virtual drives by using the External Key Management (EKM) and the Local Key Management (LKM). • Enabling Drive Security Using EKM • Enabling Drive Security Using LKM Enabling Drive Security Using EKM EKM is used for key management when a large number of systems are deployed. You can automate and manage the life cycle of keys and unlock configurations using EKM. Another important feature of EKM is that you can use EKM without human intervention to perform operations like drive migration and controller replacement. MegaRAID accomplishes the task of obtaining keys by interacting with the EKM agent. The EKM agent talks to the EKM server (EKMS) through a network and gets the security key for the controller. Keys are retrieved or created to perform the following tasks. • Create secure virtual drives. • Insert drives to replace failed drives in a secure configuration. • Re-key the system based on EKMS policies or user request. • Gain access to a secured configuration during boot. • Unlock and import secured drives during migration. You can perform the following configurations to enable the drive security to create secure virtual drives using the EKM mode with the support of EKM servers. • EKM mode is supported by the MegaRAID Storage Manager software and EKMS is present. • EKM mode is supported by the MegaRAID Storage Manager software and EKMS is not present. • Change current security settings or switch between modes. • Change security settings when the user is in EKM and wants to switch to LKM. • Import Foreign Drives. Supporting EKM Mode When you choose EKM for drive security, and decide to configure when EKM mode is supported, and EKMS is present, the application responds to different behaviors based on the scenarios that take place at that particular time. The first scenario occurs when EKM is enabled, and the second scenario occurs when EKM is enabled and EKMS is present. The details of these scenarios are described further in this section. Perform the following steps to configure, EKM mode is supported, and EKMS is present. 1. Select the Physical tab in the left panel of the MegaRAID Storage Manager window, and select a controller icon. DB09-000202-05 37857-02 Using the MegaRAID Advanced Software Rev. F - May 2011 Copyright © 2011 by LSI Corporation. All rights reserved. Page 137