Dell PowerEdge MX750c EMC PMem 200 Series Users Guide - Page 29

PMem security, Memory mode, App-direct

Get Dell PowerEdge MX750c PDF manuals and user guides View all Dell PowerEdge MX750c manuals
Add to My Manuals
Save this manual to your list of manuals

Page 29 highlights

7 PMem security Topics: • Memory mode • App-direct • Cryptographic erase and PMem sanitize Memory mode In Memory mode PMems operate as volatile system memory. User passphrase is not supported and this BIOS setting will be greyed out. App-direct Users have the option to enable Passphrase protection of PMem regions. The intent of the passphrase is to protect against unauthorized access to data stored on the PMem region. If the PMems are moved from one server to another server, the user must re-enter the security passphrase in BIOS setup before the data can be accessed. If the customer chooses to enable passphrase protection or not, BIOS locks the PMem before booting to the operating system or UEFI Shell. This means that all security changes are controlled by the Dell BIOS and operating system level security changes including Passphrase management and PMem erasing functions will not be supported. All these functions must be driven through the BIOS setup. NOTE: As mentioned in section DIMM Configuration Changes, the only migration scenario that is supported is a slot for slot replacement between motherboards. Adding or removing individual PMem for any reason will likely result in data loss and trigger the need for goal and security reconfiguration. The passphrase to lock or encrypt the data at rest on the PMem in App-direct is configurable in the BIOS setup. If the field is not empty, every boot the supplied passphrase is used to attempt to unlock all PMem in the system. The following use cases are related to unsupported migration scenarios: ● When changing passphrase in the BIOS setup, the existing passphrase only needs to be entered once per session. Entering and existing the field multiple times will not reprompt for the passphrase again (until the next boot session). ● Passphrase can be cleared by entering empty string in BIOS setup passphrase field. NOTE: To clear the passphrase, keep the passphrase field blank and hit Enter. PMem security 29

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
PMem security
Topics:
Memory mode
App-direct
Cryptographic erase and PMem sanitize
Memory mode
In Memory mode PMems operate as volatile system memory. User passphrase is not supported and this BIOS setting will be
greyed out.
App-direct
Users have the option to enable Passphrase protection of PMem regions. The intent of the passphrase is to protect against
unauthorized access to data stored on the PMem region. If the PMems are moved from one server to another server, the user
must re-enter the security passphrase in BIOS setup before the data can be accessed.
If the customer chooses to enable passphrase protection or not, BIOS locks the PMem before booting to the operating system
or UEFI Shell. This means that all security changes are controlled by the Dell BIOS and operating system level security changes
including Passphrase management and PMem erasing functions will not be supported. All these functions must be driven
through the BIOS setup.
NOTE:
As mentioned in section DIMM Configuration Changes, the only migration scenario that is supported is a slot for slot
replacement between motherboards. Adding or removing individual PMem for any reason will likely result in data loss and
trigger the need for goal and security reconfiguration.
The passphrase to lock or encrypt the data at rest on the PMem in App-direct is configurable in the BIOS setup. If the field is
not empty, every boot the supplied passphrase is used to attempt to unlock all PMem in the system.
The following use cases are related to unsupported migration scenarios:
When changing passphrase in the BIOS setup, the existing passphrase only needs to be entered once per session. Entering
and existing the field multiple times will not reprompt for the passphrase again (until the next boot session).
Passphrase can be cleared by entering empty string in BIOS setup passphrase field.
NOTE:
To clear the passphrase, keep the passphrase field blank and hit Enter.
7
PMem security
29