Seagate 15K.2 Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 7

Appendix A: Self-Encrypting Drive Technology

Get Seagate 15K.2 - Savvio 146.8 GB Hard Drive PDF manuals and user guides
UPC - 715663213772
View all Seagate 15K.2 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 7 highlights

Self-Encrypting Drives for Servers, NAS and SAN Arrays Appendix A: Self-Encrypting Drive Technology Newly-Acquired Self-Encrypting Drives Each Self-Encrypting Drive (SED) randomly generates an encryption key in the factory that is embedded on the drive. The SED automatically performs full disk encryption; when a write is performed, clear text enters the drive and is first encrypted (using the encryption key embedded within the drive) before being written to the disk. When a read is performed, the encrypted data on the disk is decrypted before leaving the drive. During normal operation an SED is completely transparent to the system, appearing to be the same as a non-encrypting drive. The Self-Encrypting Drive is constantly encrypting- encryption cannot be accidentally turned off. When the owner acquires the drive, this embedded encryption key is in clear text form and will remain so until the drive is put in auto-lock mode, where an authentication key is introduced. The drive will encrypt and decrypt all data that it writes to and reads from the disk; however, without establishing an authentication key, anyone can write and read the clear text data on the disk. Setting up the system is quite simple. The owner must decide whether to use the SED in auto-lock mode or only for instant secure erase. Each use case is discussed below. Instant Secure Erase Technology If an owner wishes to use the drive for instant secure erase only, the owner will simply begin using the drive in normal operation. Secure erase-only mode means that the owner needs no authentication key or password to decrypt and read data. This eliminates the possibility of authentication key mismanagement and subsequent data loss. SED technology greatly simplifies repurposing of the drive and disposal. An owner wishing to repurpose a drive simply performs a key erase to replace the encryption key. The drive deletes the encryption key and replaces it with a new encryption key generated randomly within the drive. After key erase, any data that had been written to the disk is unreadable-data that was encrypted with the previous key is unintelligible when decrypted with the new encryption key (see Figure 2). The drive is left as it was delivered from the factory, ready for a new owner to use it in secure erase only mode or put the drive in autolock mode. Figure 2 7

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
Self-Encrypting Drives for
Servers, NAS and SAN Arrays
SED technology greatly simplifies repurposing
of the drive and disposal. An owner wishing to
repurpose a drive simply performs a key erase
to replace the encryption key. The drive deletes
the encryption key and replaces it with a new
encryption key generated randomly within the
drive. After key erase, any data that had been
written to the disk is unreadable—data that was
encrypted with the previous key is unintelligible
when decrypted with the new encryption key
(see Figure 2). The drive is left as it was delivered
from the factory, ready for a new owner to use it
in secure erase only mode or put the drive in auto-
lock mode.
Appendix A: Self-Encrypting Drive Technology
Newly-Acquired Self-Encrypting Drives
Each Self-Encrypting Drive (SED) randomly
generates an encryption key in the factory that is
embedded on the drive. The SED automatically
performs full disk encryption; when a write is
performed, clear text enters the drive and is first
encrypted (using the encryption key embedded
within the drive) before being written to the
disk. When a read is performed, the encrypted
data on the disk is decrypted before leaving
the drive. During normal operation an SED is
completely transparent to the system, appearing
to be the same as a non-encrypting drive. The
Self-Encrypting Drive is constantly encrypting—
encryption cannot be accidentally turned off.
When the owner acquires the drive, this
embedded encryption key is in clear text form and
will remain so until the drive is put in auto-lock
mode, where an authentication key is introduced.
The drive will encrypt and decrypt all data that
it writes to and reads from the disk; however,
without establishing an authentication key, anyone
can write and read the clear text data on the disk.
Setting up the system is quite simple. The owner
must decide whether to use the SED in auto-lock
mode or only for instant secure erase. Each use
case is discussed below.
Instant Secure Erase Technology
If an owner wishes to use the drive for instant
secure erase only, the owner will simply begin
using the drive in normal operation. Secure
erase-only mode means that the owner needs
no authentication key or password to decrypt
and read data. This eliminates the possibility
of authentication key mismanagement and
subsequent data loss.
7
Figure 2