Seagate 15K.2 Self-Encrypting Drives for Servers, NAS, and SAN Arrays
Seagate 15K.2 - Savvio 146.8 GB Hard Drive Manual
UPC - 715663213772
View all Seagate 15K.2 manuals
Add to My Manuals
Save this manual to your list of manuals |
Seagate 15K.2 manual content summary:
- Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 1
virtualized environments, RAIDs, JBODs and discrete drives. Introduction When hard drives are retired and moved outside the drives • Repurposing drives for other storage duties Nearly all drives eventually leave the data center and their owners' control; Seagate estimates that 50,000 drives - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 2
failure. The drawbacks of today's drive retirement practices are both numerous and far-reaching: • Overwriting drive services as well as internal reports and auditing. More troubling, transporting a drive to the service puts the drive's data at risk. Just one lost drive those hard drives performance, - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 3
backs up authentication keys. It is a unified key management service that will support the key management requirements for all forms of storage (as well as other security applications). IBM, LSI and Seagate will support the Key Management Interoperability Protocol submitted to OASIS for advancement - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 4
not only on the hard drive, but also as it travels through the fabric. But this that cover threats to drive data (whether from database, file or system administrators or from hackers) that arise within the data center. But due to the significant performance degradation and non-scalable changes - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 5
and SAN Arrays Figure 1. Several years ago, before Seagate began working on drive encryption, the United States National Security Agency (NSA) analyzed the problem of data security and determined that the best place to perform encryption is in the hard drive. It's a well-known security maxim that - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 6
data can be encrypted without performance degradation, there's no need for costly and time-consuming data classification. Self-Encrypting Drives are standards-based for optimal manageability, interoperability and costefficiency, and all major hard drive manufacturers participated in the standards - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 7
mismanagement and subsequent data loss. SED technology greatly simplifies repurposing of the drive and disposal. An owner wishing to repurpose a drive simply performs a key erase to replace the encryption key. The drive deletes the encryption key and replaces it with a new encryption key generated - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 8
Drives utilizes a key-management service that stores, manages and serves authentication keys, and a storage system that passes these authentication keys to the correct drive (see Figure 3). Seagate transparent to the storage system, which can perform its traditional functions normally. In Figure 3, - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 9
across the entire data center, as shown in Figure 4. SelfEncrypting Drives may be in storage arrays, on SANs, NAS and servers, and in data centers, branch offices and small businesses. A unified key management service will support the key management requirements for all forms of storage (as well - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 10
key management service and sends it to the correct locked drive. • The drive hashes the transfers, with encryption and decryption transparently occurring in the background. Once the drive is put in auto-lock mode, it can be put back into secure erase-only mode only after a secure erase is performed - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 11
on Hard Drives There is no one comprehensive encryption approach that covers all threats to data at rest. There are cost, interoperability, performance and on the drive. Adapters with on-board encryption ASICs entail interoperability challenges with multivendor adapters that do not support on-board - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 12
are incorporated into hard drives, they can be intermixed with older drives in storage systems that support encryption without making any changes specific to the new drives' higher level of protection. Key management is also becoming interoperable. IBM, LSI and Seagate will support the Key - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 13
this superior data integrity, SED does not impact the hard drive's reliability, availability or serviceability/warranty. Standardized Technology Lowers Costs The world's top six hard drive vendors (Fujitsu, Hitachi, Samsung, Seagate, Toshiba and Western Digital) collaborated to develop the final - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 14
which requires reencryption of data-a huge performance drain. Data-in-Motion Secured Physically used to encrypt data stored on a hard drive. Here are three scenarios of session encryption required as long as the switches and routers support IPSec data encryption. Fibre Channel technology can only - Seagate 15K.2 | Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 15
to secure the hard drive's data once the drive leaves the owner's performance demo video can be found at: www.SEDSecuritySolutions.com. AMERICAS ASIA / PACIFIC EUROPE, MIDDLE EAST AND AFRICA Seagate Technology LLC 920 Disc Drive, Scotts Valley, California 95066, United States, 831-438-6550 Seagate
Overview
This paper discusses the challenge of securing data on hard
drives that will inevitably leave the owner’s control. It introduces
Self-Encrypting Drives (SED), which may be used in two ways: to
provide instant secure erase (cryptographic erase or making the
data no longer readable), and to enable auto-locking to secure
active data if a drive is misplaced or stolen from a system while in
use. Two appendices then follow: The first compares SEDs to other
encryption technologies used to secure drive data. The second
provides detailed analysis of instant secure erase and auto-lock
SED technology, explaining how SEDs are used in servers, NAS and
SAN arrays, virtualized environments, RAIDs, JBODs and discrete
drives.
Introduction
When hard drives are retired and moved outside the physically
protected data center into the hands of others, the data on those
drives is put at significant risk. IT departments routinely retire drives
for a variety of reasons, including:
•
Returning drives for warranty, repair or expired lease agreements
•
Removal and disposal of drives
•
Repurposing drives for other storage duties
Nearly all drives eventually leave the data center and their owners’
control; Seagate estimates that 50,000 drives are retired from data
centers daily. Corporate data resides on such drives, and when
most leave the data center, the data they contain is still readable.
Even data that has been striped across many drives in a RAID array
is vulnerable to data theft, because just a typical single stripe in
today’s high-capacity arrays is large enough to expose hundreds of
names and social security numbers.
Self-Encrypting Drives for
Servers, NAS and SAN Arrays
Technology Paper