Home » Dell Manuals » Servers » Dell EqualLogic PS6210XS » Manual Viewer

Dell EqualLogic PS6210XS EqualLogic Group Manager Administrator s Guide PS Ser - Page 316

Self-Encrypting Drives (SED) Advanced Encryption, Media Encryption Key and the Access Key

View all Dell EqualLogic PS6210XS manuals

Add to My Manuals
Save this manual to your list of manuals

Page 316 highlights

Security is not compromised. Array Y cannot unlock the drive because it needs the SEDset key from array X. The drive can be manually converted to a spare, and doing so will instantly erase it. 7. SED array is operating normally. A drive and a controller are removed. Security is not compromised on the drive. The SEDset key cannot be found on the controller, even if it is pulled from a running system. However, cached data might be found in the controller's battery-backed RAM, which is not protected by SED or any other encryption. 8. SED array with 16 slots is populated with 8 SEDs. Then, 8 new SEDs are added. Assume the array includes 6 active drives and 2 spares. Initially, the SEDset spans the 6 active drives, so 3 drives must be lost before the key is compromised. As new drives are inserted, the SEDset resecures itself with each addition. Eventually, the SEDset spans all 14 active drives, so 7 drives must be lost before the key is compromised. Self-Encrypting Drives (SED) Advanced Encryption Advanced encryption for SEDs includes the following methods: • Media encryption key and access key • Threshold secret sharing and local keying Media Encryption Key and the Access Key This encryption method is as secure but much more flexible than encrypting directly with the access key. The access key can be changed without affecting the encrypted data, because the Media Encryption Key remains unchanged. If data were encrypted with the access key, as in the past, then changing the key would destroy data. Likewise, overwriting the Media Encryption Key does destroy data, resulting in an instantaneous cryptographic erasure of the entire drive. If a SED is not configured with an access key, then data is readable as if the drive were not self-encrypting. If a SED is configured with an access key, then the access key must be provided to unlock the drive, which remains unlocked only while powered. The drive locks itself upon losing power or shutting down, and the access key must be provided again. This information also applies to partitions of a SED (called bands by the Trusted Computing Group [TCG]). Each partition has its own Media Encryption Key and optional access key (called a BandMaster by the TCG). AutoSED configures a small unsecured band for drive labels, followed by a single secured band spanning the rest of the drive. This access key is the key that is protected by AutoSED. Threshold Secret Sharing and Local Keying The AutoSED feature is a self-contained keying system, requiring no external Key Management Service (KMS). Exclusive to Dell, automatic local keying relies upon the concept of cryptographic secret sharing as discovered by Adi Shamir and specified in the Internet Draft Threshold Secret Sharing by David McGrew (draft-mcgrew-tss-03). When a SED member is initially configured, AutoSED generates a new and unique access key. Every drive in the system is locked with this one key. Then, the Shamir algorithm is used to split the key into any number of pieces, called shares, which have the following properties: 1. For each set of shares, you can choose how many shares are needed to recover the key (for instance, 2-out-of-3 or 10-outof-20). This number is the threshold. 2. Every time the key is split into a set of shares, the shares will be different even though the key stays the same. Shares can be combined only with shares from the same set; they are incompatible with shares from any other set. 3. Shares disclose no information about the key until the threshold is reached. AutoSED always chooses to split the key such that one share is written to each active drive in the system (that is, non-spare, nonfailed, non-foreign drives). The threshold is always half that number; more precisely, it is (n+1)/2. Therefore, the SEDset can automatically unlock itself whenever half of the drives are present. For the same reason, an adversary must possess half of the drives from the same SEDset to unlock it. 316 About Self-Encrypting Drives (SEDs) and AutoSED

Section	Page
Dell EqualLogic Group Manager Administrator’s Guide PS Series Firmware Version 9.1 FS Series Firmware Version 4.0	3
About This Manual	16
Audience	16
Related Documentation	16
Dell Online Services	16
Dell EqualLogic Storage Solutions	16
Dell Technical Support and Customer Service	16
Contacting Dell	17
About Group Manager	18
About GUI and CLI Access	19
Log In to the Group Manager GUI	19
Access the Command-Line Interface (CLI)	19
About the Localized GUI	19
About the End-User License Agreement	20
Install the Group Manager GUI Locally	20
Show or Hide the Session Banner	20
Keyboard Shortcuts	21
GUI Icons	22
Search for Volumes, Collections, Pools, Partners, and Members	22
About Online Help for Group Manager	23
Install the Group Manager Online Help as a Local Resource	23
Access Online Help	23
Localized Online Help	23
Troubleshooting Online Help	24
Architecture Fundamentals	25
About Groups	28
How Groups Work	29
Group: Configuration Recommendations	30
About Storage Pools	31
Single-Pool Design	31
Multiple-Pool Design	31
Storage Pool: Design Checklist	31
Storage Pool: Design Examples	32
About Volumes	33
Volume Attributes	34
Volume Types	36
About Volume Space Allocation	36
About NAS Architecture	36
About NAS Clusters	39
About NAS Controllers	40
About NAS Containers	41
About the NAS Reserve	41
Set Up the iSCSI SAN	43
Post-Setup Tasks	44
About the Group Date and Time	44
Change or Delete an NTP Server	44
Change the Time Zone and Clock Time	45
About Session Idle Timeout	45
Change the Session Idle Timeout	45
Set General GUI Policies	45
Set GUI Communication Policies	46
Set Alarm Policies	46
Display NAS Cluster Alarms	46
Set Advanced Policies	46
Monitor Events	46
Monitor Audit Log Events	47
About Event Notifications	48
About Email Notification	48
About Email Home	49
Configure syslog Notification	50
Enable or Disable the Display of INFO Event Messages	51
Data Security	52
About Group-Level Security	53
Enable or Disable GUI and CLI Access	53
Switch Administration Authentication Type	53
About Administration Accounts	53
Types of Administration Accounts	54
Differences Between Authentication Methods	55
Administration Account Attributes	56
About Security Access Protocols	57
SSH Key Pair Authentication	57
Minimum Requirements for Administrative Access	58
Create a Local Administration Account	58
Modify Local Administration Accounts	59
Delete Local Administration Accounts	59
About RADIUS Accounts	60
RADIUS Attributes for Administration Accounts	60
About LDAP Authorization and Active Directory	64
Add an Active Directory Server	64
About Active Directory Groups	67
About Single Sign-On	68
Check Server and Single Sign-On Configuration	68
Use Single Sign-On to Log In to a PS Series Group	68
Log Out of Group Manager Using Single Sign-On	69
Enable or Disable Single Sign-On	69
About SNMP Access to the Group	69
About SNMP Authentication	69
Add or Change SNMP Access to a Group	69
Display SNMP Access to a Group	70
About SNMP Traps	70
About VDS and VSS Authentication	71
Display and Configure Windows Service Access to a Group	72
Add a VDS/VSS Access Control Policy	72
Modify a VDS/VSS Access Control Policy	72
Delete a VDS/VSS Access Control Policy	72
About IPsec	73
Types of Protected Traffic	73
IPsec Policies	74
Security Certificates	74
IPsec Security Parameters	75
IPsec Security Associations (SA)	75
IPsec Pre-Shared Keys (PSKs)	75
Examples of IPsec Configurations	75
IPsec Performance Considerations	92
IPsec Configuration Limitations	92
Protect Network Traffic with IPsec	95
About Dedicated Management Networks	97
Using IPv6 with Management Networks	97
Configure a Management Network	97
Display Management Network Information	99
Unconfigure a Management Network	99
Enable Secure Erase	99
About Volume-Level Security	101
Connect Initiators to iSCSI Targets	101
Access Control Methods	101
About Access Policies	102
Access Policies: Use Cases	102
Create a New Access Policy	104
Create a New Basic Access Point	104
Modify or Delete a Basic Access Point	105
Modify Access Policies and Basic Access Points by Volume	105
Associate Access Control Policies with Volumes	106
Create an Access Policy Group	107
Associate an Access Policy Group to a Volume	107
Manage Access Controls for VDS/VSS Access	108
Authenticate Initiators with CHAP	108
Display Local CHAP Accounts	109
Create a Local CHAP Account	109
Modify a Local CHAP Account	110
Delete a Local CHAP Account	110
Configure CHAP for Initiator Authentication on Existing Volumes	110
Configure CHAP for Initiator Authentication on New Volumes	110
Configure CHAP Accounts on a RADIUS Authentication Server	110
Configure Target Authentication	111
About iSNS Servers	111
Prerequisites for Configuring an iSNS Server	112
Enable or Disable iSNS Discovery	112
Configure an iSNS Server in the Group	112
Modify an iSNS Server	112
Delete an iSNS server	113
Prevent Discovery of Unauthorized Targets	113
iSCSI Access Requirements	113
Enable the iSCSI Discovery Filter	113
Disable the iSCSI Discovery Filter	113
About Multihost Access to Targets	114
Allow or Disallow Multihost Volume Access	114
About Snapshot Access Controls	115
About Multihost Snapshot Access	115
Allow or Disallow Multihost Snapshot Access	115
About NAS Container Security	115
Modify the File Security Style for a NAS Container	116
Modify the UNIX Permissions for Windows Directories or Files	116
PS Series Group Operations	117
About Group Network Configuration	117
Modify the Group IP Address or Group Name	118
Add a Member to an Existing Group	118
Set the RAID Policy and Pool for a New Member	119
Convert a RAID Policy	120
Supported RAID Policy Conversions	120
RAID Sets	121
Enable and Disable a Volume RAID Preference	122
About Overriding Automatic Load Balancing	123
Shut Down a Group	123
Create an Empty Storage Pool	124
Create a Storage Pool from an Existing Member	124
Change a Storage Pool Name or Description	125
Merge Storage Pools	125
Delete a Storage Pool	125
About Groupwide Volume Defaults	125
Modify Groupwide Volume Settings	126
About Space Borrowing	126
Benefits of Space Borrowing	126
Displaying Space-Borrowing Information	127
Using Space-Borrowing Information	128
About Compression of Snapshots and Replicas	128
Compression Prerequisites	129
About Rehydration	129
About Compression Statistics	129
Compression Statistics by Pool	129
Compression Statistics by Member	129
Compression Statistics by Volume	129
Member Compression States	130
Enable Compression	130
Suspend Compression	130
Resume Compression	131
View Compression Statistics by Pool	131
View Compression Statistics by Member	131
View Compression Statistics by Volume	131
Compression Commands in the CLI	132
About Volumes	133
Create a Volume	133
Modify a Volume Name or Description	133
Modify a Volume Permission	133
Modify a Volume Alias	134
Modify the Administrator for a Volume	134
About Smart Tags	134
Predefined Smart Tags	135
Using Smart Tags	135
Set a Volume Offline or Online	136
Delete a Volume	137
About Volume Collections	137
Create a Volume Collection	137
Modify a Volume Collection	138
Delete a Volume Collection	138
About Volume Folders	138
Volume Folder Configuration Considerations	138
Create a Volume Folder	139
Display Volume Folders	139
Hide Volume Folders	139
Rename Volume Folders	139
Add and Remove Volumes from Folders	140
Move Volumes Between Volume Folders	140
Delete Volume Folders	140
About Restoring Deleted Volumes	141
Enable or Disable Volume Undelete	141
Display Deleted Volumes	141
Restore Deleted Volumes	142
Purge Deleted Volumes	142
About Changing the Reported Volume Size	143
Decrease the Reported Size of a Volume	143
Increase the Reported Size of a Volume	144
About Reclaiming Unallocated Space	144
Running Defrag Tools	145
Unmapping Replicated Volumes	145
Using Unmapping with VMware	145
Using Unmapping with Red Hat Enterprise Linux	145
Using Unmapping with Windows 8/Windows Server 2012	145
Set a Volume or Snapshot with Lost Blocks Online	146
Volume and Snapshot Status	146
Volume and Snapshot Requested Status	147
About Managing Storage Capacity Utilization On Demand (Thin Provisioning)	148
Enable Thin Provisioning on a Volume	148
Thin-Provisioning Space Settings	149
Modify the Thin-Provisioning Space Settings	150
Disable Thin Provisioning on a Volume	150
About Improving Pool Space Utilization (Template Volumes and Thin Clones)	151
Space Considerations for Template Volumes and Thin Clones	151
Restrictions on Template Volumes and Thin Clones	152
Convert a Standard Volume to a Template Volume	153
Create a Thin Clone	153
Detach a Thin Clone from a Template Volume	154
Convert a Template Volume to a Standard Volume	154
About Data Center Bridging	155
Configure Data Center Bridging	155
Set the Data Center Bridging VLAN ID	156
Change the Data Center Bridging VLAN ID	156
Monitor Data Center Bridging Statistics and Configuration	156
VMware Group Access Panel	157
VMware Overview Panel	157
About Protocol Endpoints	158
About Storage Containers	158
Storage Container Limitations	158
Storage Container Space Limits	159
Create a Storage Container	159
Modify a Storage Container	159
Delete a Storage Container	160
Virtual Machines Tab	160
NAS Operations	162
NAS Cluster Operations	163
NAS Cluster Configuration	163
About Mixed-Model NAS Clusters	163
Configure a NAS Cluster	164
Resolve a Failed NAS Configuration	166
NAS Cluster Post-Setup Tasks	167
Modify a NAS Cluster Name	169
Modify NAS Clusterwide Default NAS Container Settings	169
Select an NFS Protocol Version	169
Modify the Size of the NAS Reserve	169
Add a Local Group for a NAS Cluster	169
Delete a Local Group from a NAS Cluster	170
Add a Local User on a NAS Cluster	170
Modify a Local User on a NAS Cluster	170
Delete a Local User from a NAS Cluster	170
Map Users for a NAS Cluster	171
Set the User Mapping Policy for a NAS Cluster	171
Delete a User Mapping for a NAS Cluster	171
Configure an Active Directory for a NAS Cluster	171
Configure Preferred Domain Controllers	172
Leave Active Directory	172
Configure or Modify NIS or LDAP for a NAS Cluster	173
Delete NIS or LDAP Configuration for a NAS Cluster	173
Modify the Client Network Configuration	173
Configure DNS for a NAS Cluster	174
About the Internal Network Required for NAS Configuration	174
SAN Network Configuration Settings	174
Modify the SAN Network Configuration	175
About NAS Cluster Maintenance Mode	175
Set a NAS Cluster to Maintenance Mode	176
Resume Normal Cluster Operation	176
Shut Down and Restart a NAS Cluster Manually	176
About Deleting a NAS Cluster	177
Delete a NAS Cluster	177
NAS Controller Operations	178
Add Additional NAS Controllers	178
About Replacing a NAS Controller with Detach and Attach	179
Detach a NAS Controller	179
Attach a NAS Controller	180
About Updating NAS Controller Firmware	181
Update NAS Controller Firmware	181
Cleanly Shut Down a NAS Controller Pair	182
NAS Container Operations	183
Create a NAS Container	183
Modify NAS Clusterwide Default NAS Container Settings	184
Modify NAS Clusterwide Default NAS Container Permissions	184
Modify NAS Clusterwide Default NFS Export Settings	184
Modify NAS Clusterwide Default SMB Share Settings	184
Modify a NAS Container Name	184
Modify the Size of a NAS Container	184
Modify the Snapshot Reserve and Warning Limit for a NAS Container	185
Modify the In-Use Space Warning Limit for a NAS Container	185
Modify a NAS Container for Few Writers Workloads	185
Delete a NAS Container	185
NFS Netgroups	186
Access NFS Exports	186
Create an NFS Export	187
Modify the Client Access Setting for an NFS Export	187
Modify the Permission for an NFS Export	188
Modify the Trusted Users for an NFS Export	188
Modify NAS Clusterwide Default NFS Export Settings	188
Modify an NFS Export Directory	188
Modify an NFS Export	189
About NFS Export Security Methods	189
Delete an NFS Export	189
About SMB Shares	190
Access SMB Shares in Windows	190
Mount a NAS SMB Share from UNIX	190
Create an SMB Share	190
Set the SMB Password	191
Modify an SMB Share Directory	191
Delete an SMB Share	192
Rebalance SMB Client Connections Across NAS Controllers	192
Enable or Disable SMB Message Signing	192
Enable or Disable SMB Message Encryption	192
Modify SMB Share NAS Antivirus Settings	192
Access-Based Enumeration	193
About SMB Home Shares	194
Create a NAS Thin Clone	198
Client Networks	198
Optimal Virtual IP Assignment	199
Viewing or Modifying a Client Network	199
Deleting a Client Network	199
Modifying Client Network Properties	200
About NAS Antivirus Servers	200
How NAS Antivirus Protects Data	200
NAS Antivirus Server Specifications	201
Add a NAS Antivirus Server	201
Modify a NAS Antivirus Server	201
Delete a NAS Antivirus Server	202
About NAS Antivirus Clusterwide Defaults	202
Enable the NAS Antivirus Service on an SMB Share	203
Monitor the NAS Antivirus Service	204
NAS Directory Paths and File Types Scan	204
Antivirus Policy	206
Access Infected Files	206
Create a NAS Container Quota	206
Modify a NAS Container Quota	207
Modify the Default NAS Container Group Quota	207
Modify the Default NAS Container User Quota	207
Delete a NAS Container Quota	208
About Quota Directories	208
Configuring Quota Directories	208
Quotas and NAS Containers	208
External Authentication	209
Local Authentication	209
About NAS Thin Provisioning	209
NAS Container Storage Space Terminology	209
About NAS Containers	210
About Data Rehydration	211
NAS Container Data Reduction	212
Enable Data Reduction	213
Modify NAS Container Data Reduction Settings	214
Modify NAS Cluster Default Data Reduction Settings	214
Data Reduction Policy	215
Create Default Data Reduction Properties	216
About NAS Data Reduction Schedules	216
FS Series VAAI Plugin	218
Installation Instructions	218
Plugin Verification	218
Removal Instructions	219
Diagnose and Resolve NAS Cluster and PS Series Issues	220
NAS Cluster Diagnostics	220
About Current and Past NAS Network Performance Statistics	220
Online Diagnostics	221
Offline Diagnostics	221
Generating PS Series and NAS Cluster Diagnostics Reports	222
Adding SMTP Servers	222
Modifying SMTP Server Properties	222
Deleting SMTP Servers	222
Reinstall FS Series Firmware v4 from an Internal USB	223
About Backing Up and Protecting Your Data	224
About Volume Data Protection	224
Protect NAS Container Data with NDMP	225
Configure NDMP for a NAS Cluster	225
About Snapshots	225
How Snapshots Work	226
About Snapshot Reserve	227
Create a Snapshot	228
Set a Snapshot Online or Offline	229
Clone a Snapshot to Create a New Volume	229
Modify a Snapshot Name or Description	229
Delete Snapshots	230
Restore a Volume from a Snapshot	231
About Snapshots and NAS Container Data	231
About Snapshot Collections	233
About Snapshot Space Borrowing	235
About Replication	236
Replication Types	237
Plan Your Volume Replication Environment	237
About Replication Space	240
About Replication Partners	248
Configure a Volume for Replication	250
Replicate Volume Collections	255
About Replicas	256
About Replication Borrowing	259
About Cross-Platform Replication	260
About Schedules	261
Create a Schedule	261
Modify a Schedule	261
Delete a Schedule	262
Create a NAS Container Snapshot Schedule	262
Modify a NAS Container Snapshot Schedule	262
Monitor NAS Snapshot Schedules	263
Disable a NAS Container Snapshot Schedule	263
Delete a NAS Container Snapshot Schedule	263
About Data Recovery	264
About Recovering Data from a Snapshot	265
Requirements and Restrictions	265
Failback to Primary Operation (Manual)	266
Move a Failback Replica Set to a Different Pool	266
Replicate to Partner Operation (Manual)	266
Switch Partner Roles Permanently	267
Make an Inbound Replica Set Promotion Permanent	267
Convert a Failback Replica Set to an Inbound Replica Set	268
Make a Temporary Volume Available on the Secondary Group	269
Replicate a Recovery Volume to the Primary Group	269
Promote an Inbound Replica Set to a Recovery Volume	270
Recovery Volume Options	271
Recovery Volume Restrictions	271
How to Handle a Failed Operation	271
Fail Back to the Primary Group	272
Volume Failover and Failback	272
Recover Data from a Replica	273
About Data Recovery from a Replica	273
About Permanently Promoting a Replica Set to a Volume	273
Permanently Promote a Replica Set to a Volume	274
About Failing Over and Failing Back a Volume	275
About NAS Disaster Recovery	278
About NAS Replication	278
Recover from an Offline or Unavailable NAS	291
About Cloning Volumes	295
Clone a Volume	295
About Cloning an Inbound Replica	295
Clone an Inbound Replica	296
About Synchronous Replication	297
How Synchronous Replication Works	297
Compare SyncRep and Traditional Replication	297
How Synchronous Replication Protects Volume Availability in Different Scenarios	299
Normal Synchronous Replication Operation	299
SyncAlternate Volume Unavailable	300
SyncActive Volume Unavailable	301
Requirements for Using Synchronous Replication	302
Synchronous Replication States	302
About System Snapshots and SyncRep	303
Protected System Snapshots	303
Failback System Snapshots	303
About Synchronous Replication and Snapshots	303
Automatic Snapshot Creation	304
About Synchronous Replication Switches and Failovers	304
SyncRep SwitchesSyncRep Failovers	304
About Synchronous Replication Volume Collections	305
About Using Thin Clones and Templates with Synchronous Replication	306
Thin Clones	306
Templates	306
Configure Synchronous Replication (SyncRep) on a Volume	307
Disable Synchronous Replication (SyncRep) for a Volume	307
Monitor Synchronous Replication (SyncRep) Volumes	307
Pause Synchronous Replication (SyncRep)	307
Resume Synchronous Replication (SyncRep)	308
Enable Synchronous Replication (SyncRep) for a Volume Collection	308
Disable Synchronous Replication (SyncRep) for a Volume Collection	308
Change the Pool Assignment of a Synchronous Replication (SyncRep) Volume	309
View the Distribution of a Volume Across Pools	309
About Switching and Failing Over SyncRep Pools	309
Switch from SyncActive to SyncAlternate	309
Fail Over from SyncActive to SyncAlternate	309
Switch Synchronous Replication (SyncRep) Collection Pools	310
Disconnect the SyncActive Volume	310
About Self-Encrypting Drives (SEDs) and AutoSED	311
Scenarios Covered by AutoSED	311
Scenarios Not Covered by AutoSED	311
About Self-Encrypting Drives (SED)	312
How Key Shares Work	312
How Self-Encryption Protects Data	312
About SED Members in a Group	313
Examples	313
Back Up a Self-Encrypting Drive (SED) Key	313
Self-Encrypting Drives (SED) Frequently Asked Questions (FAQ)	314
Why are my backups always different?	314
Why is a secure-erase command not available?	314
What is the difference between a locked drive and a securely erased drive?	314

Match case Limit results 1 per page

Security is not compromised. Array Y cannot unlock the drive because it needs the SEDset key from array X. The drive can be

manually converted to a spare, and doing so will instantly erase it.

SED array is operating normally. A drive and a controller are removed.

Security is not compromised on the drive. The SEDset key cannot be found on the controller, even if it is pulled from a running

system. However, cached data might be found in the controller’s battery-backed RAM, which is not protected by SED or any

other encryption.

SED array with 16 slots is populated with 8 SEDs. Then, 8 new SEDs are added.

Assume the array includes 6 active drives and 2 spares. Initially, the SEDset spans the 6 active drives, so 3 drives must be lost

before the key is compromised. As new drives are inserted, the SEDset resecures itself with each addition. Eventually, the

SEDset spans all 14 active drives, so 7 drives must be lost before the key is compromised.

Self-Encrypting Drives (SED) Advanced Encryption

Advanced encryption for SEDs includes the following methods:

•

Media encryption key and access key

•

Threshold secret sharing and local keying

Media Encryption Key and the Access Key

This encryption method is as secure but much more

ﬂexible

than encrypting directly with the access key. The access key can be

changed without

aﬀecting

the encrypted data, because the Media Encryption Key remains unchanged. If data were encrypted with

the access key, as in the past, then changing the key would destroy data. Likewise, overwriting the Media Encryption Key does

destroy data, resulting in an instantaneous cryptographic erasure of the entire drive.

If a SED is not

conﬁgured

with an access key, then data is readable as if the drive were not self-encrypting.

If a SED is

conﬁgured

with an access key, then the access key must be provided to unlock the drive, which remains unlocked only

while powered. The drive locks itself upon losing power or shutting down, and the access key must be provided again.

This information also applies to partitions of a SED (called bands by the Trusted Computing Group [TCG]). Each partition has its own

Media Encryption Key and optional access key (called a BandMaster by the TCG). AutoSED

conﬁgures

a small unsecured band for

drive labels, followed by a single secured band spanning the rest of the drive. This access key is the key that is protected by

AutoSED.

Threshold Secret Sharing and Local Keying

The AutoSED feature is a self-contained keying system, requiring no external Key Management Service (KMS). Exclusive to Dell,

automatic local keying relies upon the concept of cryptographic secret sharing as discovered by Adi Shamir and

speciﬁed

in the

Internet Draft Threshold Secret Sharing by David McGrew (draft-mcgrew-tss-03).

When a SED member is initially

conﬁgured,

AutoSED generates a new and unique access key. Every drive in the system is locked

with this one key. Then, the Shamir algorithm is used to split the key into any number of pieces, called shares, which have the

following properties:

For each set of shares, you can choose how many shares are needed to recover the key (for instance, 2-out-of-3 or 10-out-

of-20). This number is the threshold.

Every time the key is split into a set of shares, the shares will be

diﬀerent

even though the key stays the same. Shares can be

combined only with shares from the same set; they are incompatible with shares from any other set.

Shares disclose no information about the key until the threshold is reached.

AutoSED always chooses to split the key such that one share is written to each active drive in the system (that is, non-spare, non-

failed, non-foreign drives). The threshold is always half that number; more precisely, it is (

+1)/2. Therefore, the SEDset can

automatically unlock itself whenever half of the drives are present. For the same reason, an adversary must possess half of the

drives from the same SEDset to unlock it.

316

About Self-Encrypting Drives (SEDs) and AutoSED