Seagate 10K.3 Self-Encrypting Drives for Servers, NAS, and SAN Arrays
Seagate 10K.3 - Savvio 300 GB Hard Drive Manual
UPC - 715663213796
Seagate 10K.3 manual content summary:
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 1
  the owner's control. It introduces Self-Encrypting Drives (SED), which may be used in two ways: to provide instant secure erase (cryptographic all drives eventually leave the data center and their owners' control; Seagate estimates that 50,000 drives are retired from data centers daily. Corporate
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 2
  lost or stolen. • Other companies choose to hire professional disposal services, an expensive option which entails the cost of reconciling the services as well as internal reports and auditing. More troubling, transporting a drive to the service puts the drive's data at risk. Just one lost drive
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 3
  service that will support the key management requirements for all forms of storage (as well as other security applications). IBM, LSI and Seagate will support when needed. Later, perhaps due to growing concerns over theft, the owner may elect to use the SED in auto-lock mode for the remainder of the
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 4
  which use ephemeral session encryption keys to encrypt small amounts of data. It may seem that, instead of using this session security technique, encrypting in the from a protected source to an unprotected destination. Such problems result in too much unencrypted sensitive data being written to
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 5
  Self-Encrypting Drives for Servers, NAS and SAN Arrays Figure 1. Several years ago, before Seagate began working on drive encryption, the United States National Security Agency (NSA) analyzed the problem of data security and determined that the best place to perform encryption is in the hard drive.
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 6
  to be securely repurposed or returned for service, warranty or expired lease. Auto- removed from the system. A drive may be compromised, but it will never committed to support the Key Self-Encrypting Drives into their solutions, and Seagate is rapidly introducing SEDs across its entire portfolio
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 7
  Self-Encrypting Drives for Servers, NAS and SAN Arrays Appendix A: Self-Encrypting Drive Technology Newly-Acquired Self-Encrypting Drives Each Self-Encrypting Drive (SED) randomly generates an encryption key in the factory that is embedded on the drive. The SED automatically performs full disk
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 8
  these authentication keys to the correct drive (see Figure 3). Seagate, IBM and LSI have collaboratively worked to bring together unencrypted data for data compression and de-duplication. A key management service may employ software- or hardware-based key stores in order to create, assign
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 9
  across the entire data center, as shown in Figure 4. Self-Encrypting Drives may be in storage arrays, on SANs, NAS and servers, and in data centers, branch offices and small businesses. A unified key management service will support the key management requirements for all forms of storage (as well as
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 10
  authentication process of a previously secured drive (see Figure 5): Figure 5 1. Authentication • The storage system gets the authentication key from the key management service and sends it to the correct locked drive. • The drive hashes the authentication key and compares the result with the hash
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 11
  board encryption ASICs entail interoperability challenges with multivendor adapters that do not support on-board encryption. Data encrypted by adapter-mounted Only SEDs eliminate encryption algorithm 11 the correct key may not be readily available is transparent to the system. As drive models
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 12
  is also becoming interoperable. IBM, LSI and Seagate will support the Key Management Interoperability Protocol submitted to OASIS has protected firmware downloads; an attacker cannot insert modified firmware into the drive. Finally, to further minimize vulnerability to attack, Seagate has put
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 13
  of this SCSI protocol standard in SAS and Fibre Channel systems allows each is the only solution that supports Protection Information throughout the data path serviceability/warranty. Standardized Technology Lowers Costs The world's top six hard drive vendors (Fujitsu, Hitachi, Samsung, Seagate
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 14
  on a hard drive. Here are three scenarios of session encryption that may be used: Scenario One There are potential risks with Fibre Channel fabric -based encryption is not required as long as the switches and routers support IPSec data encryption. Fibre Channel technology can only reach a distance of
- Seagate 10K.3 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 15
  data over long distances and to support data replication, SAN data device sharing the session security techniques described above, it may seem that encrypting in the fabric to secure Seagate Technology International Ltd. 7000 Ang Mo Kio Avenue 5, Singapore 569877, 65-6485-3888 Seagate Technology SAS
Overview
This paper discusses the challenge of securing data on hard
drives that will inevitably leave the owner’s control. It introduces
Self-Encrypting Drives (SED), which may be used in two ways: to
provide instant secure erase (cryptographic erase or making the
data no longer readable), and to enable auto-locking to secure
active data if a drive is misplaced or stolen from a system while in
use. Two appendices then follow: The first compares SEDs to other
encryption technologies used to secure drive data. The second
provides detailed analysis of instant secure erase and auto-lock
SED technology, explaining how SEDs are used in servers, NAS and
SAN arrays, virtualized environments, RAIDs, JBODs and discrete
drives.
Introduction
When hard drives are retired and moved outside the physically
protected data center into the hands of others, the data on those
drives is put at significant risk. IT departments routinely retire drives
for a variety of reasons, including:
• Returning drives for warranty, repair or expired lease agreements
• Removal and disposal of drives
• Repurposing drives for other storage duties
Nearly all drives eventually leave the data center and their owners’
control; Seagate estimates that 50,000 drives are retired from data
centers daily. Corporate data resides on such drives, and when
most leave the data center, the data they contain is still readable.
Even data that has been striped across many drives in a RAID array
is vulnerable to data theft, because a single typical stripe in
today’s high-capacity arrays is large enough to expose hundreds of
names and social security numbers.
Self-Encrypting Drives for Servers, NAS and SAN Arrays
Technology Paper