ASRock Z87 Extreme11/ac LSI Mega RAID Storage Manager Guide - Page 137

Enabling Drive Security Using EKM

Get ASRock Z87 Extreme11/ac PDF manuals and user guides View all ASRock Z87 Extreme11/ac manuals
Add to My Manuals
Save this manual to your list of manuals

Page 137 highlights

This section describes how to enable, change, and disable drive security, and how to import a foreign configuration using the SafeStore Encryption Services advanced software. The SafeStore Encryption Services advanced software provides drive security to create secure virtual drives by using the External Key Management (EKM) and the Local Key Management (LKM). • Enabling Drive Security Using EKM • Enabling Drive Security Using LKM Enabling Drive Security Using EKM EKM is used for key management when a large number of systems are deployed. You can automate and manage the life cycle of keys and unlock configurations using EKM. Another important feature of EKM is that you can use EKM without human intervention to perform operations like drive migration and controller replacement. MegaRAID accomplishes the task of obtaining keys by interacting with the EKM agent. The EKM agent talks to the EKM server (EKMS) through a network and gets the security key for the controller. Keys are retrieved or created to perform the following tasks. • Create secure virtual drives. • Insert drives to replace failed drives in a secure configuration. • Re-key the system based on EKMS policies or user request. • Gain access to a secured configuration during boot. • Unlock and import secured drives during migration. You can perform the following configurations to enable the drive security to create secure virtual drives using the EKM mode with the support of EKM servers. • EKM mode is supported by the MegaRAID Storage Manager software and EKMS is present. • EKM mode is supported by the MegaRAID Storage Manager software and EKMS is not present. • Change current security settings or switch between modes. • Change security settings when the user is in EKM and wants to switch to LKM. • Import Foreign Drives. Supporting EKM Mode When you choose EKM for drive security, and decide to configure when EKM mode is supported, and EKMS is present, the application responds to different behaviors based on the scenarios that take place at that particular time. The first scenario occurs when EKM is enabled, and the second scenario occurs when EKM is enabled and EKMS is present. The details of these scenarios are described further in this section. Perform the following steps to configure, EKM mode is supported, and EKMS is present. 1. Select the Physical tab in the left panel of the MegaRAID Storage Manager window, and select a controller icon. DB09-000202-05 37857-02 Using the MegaRAID Advanced Software Rev. F - May 2011 Copyright © 2011 by LSI Corporation. All rights reserved. Page 137

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
Using the MegaRAID Advanced Software
Page 137
DB09-000202-05 37857-02
Rev. F - May 2011
Copyright © 2011 by LSI Corporation. All rights reserved.
This section describes how to enable, change, and disable drive security, and how to import a
foreign configuration using the SafeStore Encryption Services advanced software.
The SafeStore Encryption Services advanced software provides drive security to create secure
virtual drives by using the
External Key Management
(EKM) and the
Local Key Management
(LKM).
Enabling Drive Security Using EKM
Enabling Drive Security Using LKM
Enabling Drive Security Using EKM
EKM is used for key management when a large number of systems are deployed. You can
automate and manage the life cycle of keys and unlock configurations using EKM.
Another important feature of EKM is that you can use EKM without human intervention to perform
operations like drive migration and controller replacement.
MegaRAID accomplishes the task of obtaining keys by interacting with the EKM agent. The EKM
agent talks to the EKM server (EKMS) through a network and gets the security key for the
controller.
Keys are retrieved or created to perform the following tasks.
Create secure virtual drives.
Insert drives to replace failed drives in a secure configuration.
Re-key the system based on EKMS policies or user request.
Gain access to a secured configuration during boot.
Unlock and import secured drives during migration.
You can perform the following configurations to enable the drive security to create secure virtual
drives using the EKM mode with the support of EKM servers.
EKM mode is supported by the MegaRAID Storage Manager software and EKMS is present.
EKM mode is supported by the MegaRAID Storage Manager software and EKMS is not
present.
Change current security settings or switch between modes.
Change security settings when the user is in EKM and wants to switch to LKM.
Import Foreign Drives.
Supporting EKM Mode
When you choose EKM for drive security, and decide to configure when
EKM mode is
supported, and EKMS is present
, the application responds to different behaviors based on the
scenarios that take place at that particular time.
The first scenario occurs when EKM is enabled, and the second scenario occurs when EKM is
enabled and EKMS is present. The details of these scenarios are described further in this section.
Perform the following steps to configure, EKM mode is supported, and EKMS is present.
1.
Select the
Physical
tab in the left panel of the MegaRAID Storage Manager window, and
select a controller icon.