Home » Lenovo Manuals » Servers » Lenovo ThinkServer RD330 » Manual Viewer

Lenovo ThinkServer RD330 MegaRAID SAS Software User Guide - Page 47

SafeStore Disk Encryption

View all Lenovo ThinkServer RD330 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 47 highlights

MegaRAID SAS Software User Guide Chapter 3: SafeStore Disk Encryption | Overview Chapter 3 SafeStore Disk Encryption This chapter describes the SafeStore™ Disk Encryption service. The SafeStore Disk Encryption service is a collection of features within storage products that supports self-encrypting disks. SafeStore encryption services supports Local Key Management. 3.1 Overview 3.2 Purpose and Benefits The SafeStore Disk Encryption service offers the ability to encrypt data on drives and use disk-based key management to provide data security. This solution provides data protection in the event of theft or loss of physical drives. With self-encrypting drives, if you remove a drive from its storage system or the server it is housed in, the data on that drive is encrypted and useless to anyone who attempts to access without the appropriate security authorization. With the SafeStore encryption service, data is encrypted by the drives. You can designate which data to encrypt at the individual virtual disk (VD) level. Any encryption solution requires management of the encryption keys. The security service provides a way to manage these keys. Both the WebBIOS Configuration Utility (Chapter 4) and MegaRAID Storage Manager (Chapter 11) offer procedures that you can use to manage the security settings for the drives. Security is a growing market concern and requirement. MegaRAID customers are looking for a comprehensive storage encryption solution to protect data. You can use the SafeStore encryption service to help protect your data. In addition, SafeStore local key management removes the administrator from most of the daily tasks of securing data, thereby reducing user error and decreasing the risk of data loss. Also, SafeStore local key management supports instant secure erase of drives that permanently removes data when repurposing or decommissioning drives. These services provide a much more secure level of data erasure than other common erasure methods, such as overwriting or degaussing. Page 47

Section	Page
MegaRAID® SAS Software User Guide	13
1.1 SAS Technology	13
1.2 Serial-attached SCSI Device Interface	14
1.3 Serial ATA II Features	14
1.4 Solid State Drive Features	15
1.4.1 Solid State Drive Guard	15
1.5 Dimmer Switch Feature	16
1.6 UEFI 2.0 Support	16
1.7 Configuration Scenarios	16
1.7.1 Valid Drive Mix Configurations with HDDs and CacheCade – SSD Caching software	18
1.8 Technical Support	18
Introduction to RAID	21
2.1 RAID Description	21
2.2 RAID Benefits	21
2.3 RAID Functions	21
2.4 Components and Features	21
2.4.1 Drive Group	22
2.4.2 Virtual Drive	22
2.4.3 Fault Tolerance	22
2.4.4 Consistency Check	23
2.4.5 Copyback	23
2.4.6 Background Initialization	24
2.4.7 Patrol Read	25
2.4.8 Disk Striping	25
2.4.9 Disk Mirroring	25
2.4.10 Parity	26
2.4.11 Disk Spanning	27
2.4.12 Hot Spares	28
2.4.13 Disk Rebuilds	29
2.4.14 Rebuild Rate	30
2.4.15 Hot Swap	30
2.4.16 Drive States	30
2.4.17 Virtual Drive States	31
2.4.18 Beep Codes	31
2.4.19 Enclosure Management	31
2.5 RAID Levels	31
2.5.1 Summary of RAID Levels	32
2.5.2 Selecting a RAID Level	32
2.5.3 RAID 0	33
2.5.4 RAID 1	33
2.5.5 RAID 5	34
2.5.6 RAID 6	35
2.5.7 RAID 00	36
2.5.8 RAID 10	37
2.5.9 RAID 50	38
2.5.10 RAID 60	39
2.6 RAID Configuration Strategies	40
2.6.1 Maximizing Fault Tolerance	41
2.6.2 Maximizing Performance	42
2.6.3 Maximizing Storage Capacity	43
2.7 RAID Availability	44
2.7.1 RAID Availability Concept	44
2.8 Configuration Planning	45
2.9 Number of Drives	45
2.9.1 Drive Group Purpose	45
SafeStore Disk Encryption	47
3.1 Overview	47
3.2 Purpose and Benefits	47
3.3 Terminology	48
3.4 Workflow	48
3.4.1 Enable Security	48
3.4.2 Change Security	49
3.4.3 Create Secure Virtual Drives	49
3.4.4 Import a Foreign Configuration	50
3.5 Instant Secure Erase	50
WebBIOS Configuration Utility	53
4.1 Overview	53
4.2 Starting the WebBIOS CU	53
4.3 WebBIOS CU Main Screen Options	54
4.4 Managing Software Licensing	56
4.4.1 Managing MegaRAID Advanced Software Options	56
4.4.2 Reusing the Activation Key	59
4.4.3 Managing Advanced Software Summary	60
4.4.4 Activating an Unlimited Key Over a Trial Key	61
4.4.5 Activating a Trial Software	61
4.4.6 Activating an Unlimited Key	62
4.4.7 Securing MegaRAID Advanced Software	62
4.4.8 Confirm Rehosting Process	62
4.4.9 Rehosting Process Complete	63
4.5 Creating a Storage Configuration	64
4.5.1 Selecting the Configuration with the Configuration Wizard	64
4.5.2 Using Automatic Configuration	67
4.5.3 Using Manual Configuration	68
4.6 Creating a CacheCade Configuration	105
4.7 Selecting SafeStore Encryption Services Security Options	110
4.7.1 Enabling the Security Key Identifier, Security Key, and Password	110
4.7.2 Enabling Drive Security using EKM	115
4.7.3 Changing the Security Key Identifier, Security Key, and Pass Phrase	116
4.7.4 Change Security from EKM to LKM	117
4.7.5 Changing Security from LKM to EKM	122
4.7.6 Disabling the Drive Security Settings	123
4.8 Viewing and Changing Device Properties	125
4.8.1 Viewing Controller Properties	125
4.8.2 Viewing Virtual Drive Properties, Policies, and Operations	130
4.8.3 Viewing Drive Properties	131
4.8.4 Viewing and Changing Battery Backup Unit Information	133
4.9 Expanding a Virtual Drive	136
4.10 Using MegaRAID Recovery	137
4.10.1 Recovery Scenarios	138
4.10.2 Enabling the Recovery Advanced Software	138
4.10.3 Creating Snapshots and Views	141
4.10.4 Creating Concurrent Snapshots	145
4.10.5 Selecting the Snapshot Settings	146
4.10.6 Viewing Snapshot Properties	148
4.10.7 Restoring a Virtual Drive by Rolling Back to a Snapshot	150
4.10.8 Cleaning up a Snapshot Repository	152
4.11 Viewing System Event Information	154
4.12 Managing Configurations	156
4.12.1 Running a Consistency Check	156
4.12.2 Deleting a Virtual Drive	156
4.12.3 Importing or Clearing a Foreign Configuration	156
4.12.4 Importing Foreign Configurations	160
4.12.5 Import Foreign Drives in EKM/EKM Secured Locked Drives	160
4.12.6 Import Foreign Drives for LKM Secured Locked Drives	161
4.12.7 Import Foreign Drives in LKM /EKM Secured Locked Drives	161
4.12.8 Migrating the RAID Level of a Virtual Drive	162
4.12.9 New Drives Attached to a MegaRAID Controller	163
4.13 WebBIOS Dimmer Switch	164
4.13.1 Power-Save mode	170
4.13.2 Power Save Settings-Advanced	171
4.13.3 Power-Save While Creating Virtual Drives	172
MegaRAID Command Tool	173
5.1 Product Overview	173
5.2 Novell NetWare, SCO, Solaris, FreeBSD, and DOS Operating System Support	174
5.3 Command Line Abbreviations and Conventions	175
5.3.1 Abbreviations Used in the Command Line	175
5.3.2 Conventions	175
5.4 Pre-boot MegaCLI	176
5.5 CacheCade - SSD Caching Related Options	177
5.5.1 Create a Solid State Drive Cache Drive to Use as Secondary Cache	178
5.5.2 Delete a Solid State Drive Cache Drive	178
5.6 Software License Key	178
5.7 SafeStore Security Options	179
5.7.1 Use Instant Secure Erase on a Physical Drive	179
5.7.2 Secure Data on a Virtual Drive	179
5.7.3 Destroy the Security Key	180
5.7.4 Create a Security Key	180
5.7.5 Drive Security Key	180
5.7.6 Change the Security Key	181
5.7.7 Get the Security Key ID	181
5.7.8 Set the Security Key ID	181
5.7.9 Verify the Security Key	182
5.8 Controller Property-Related Options	182
5.8.1 Display Controller Properties	182
5.8.2 Display Number of Controllers Supported	182
5.8.3 Enable or Disable Automatic Rebuild	182
5.8.4 Flush Controller Cache	183
5.8.5 Set Controller Properties	183
5.8.6 Display Specified Controller Properties	185
5.8.7 Set Factory Defaults	185
5.8.8 Set SAS Address	185
5.8.9 Set Time and Date on Controller	185
5.8.10 Display Time and Date on Controller	186
5.8.11 Get Connector Mode	186
5.8.12 Set Connector Mode	186
5.9 Patrol Read-Related Controller Properties	187
5.9.1 Set Patrol Read Options	187
5.9.2 Set Patrol Read Delay Interval	187
5.10 BIOS-Related Properties	187
5.10.1 Set or Display Bootable Virtual Drive ID	187
5.10.2 Select BIOS Status Options	188
5.11 Battery Backup Unit-Related Properties	188
5.11.1 Display BBU Information	188
5.11.2 Display BBU Status Information	189
5.11.3 Display BBU Capacity	190
5.11.4 Display BBU Design Parameters	190
5.11.5 Display Current BBU Properties	191
5.11.6 Start BBU Learning Cycle	191
5.11.7 Place Battery in Low-Power Storage Mode	191
5.11.8 Set BBU Properties	192
5.12 Options for Displaying Logs Kept at the Firmware Level	192
5.12.1 Event Log Management	192
5.12.2 Set BBU Terminal Logging	193
5.13 Configuration-Related Options	193
5.13.1 Create a RAID Drive Group from All Unconfigured Good Drives	193
5.13.2 Add RAID 0, 1, 5, or 6 Configuration	195
5.13.3 Add RAID 10, 50, or 60 Configuration	196
5.13.4 Clear the Existing Configuration	196
5.13.5 Save the Configuration on the Controller	196
5.13.6 Restore the Configuration Data from File	197
5.13.7 Manage Foreign Configuration Information	197
5.13.8 Delete Specified Virtual Drive(s)	198
5.13.9 Display the Free Space	198
5.14 Virtual Drive-Related Options	198
5.14.1 Display Virtual Drive Information	198
5.14.2 Change the Virtual Drive Cache and Access Parameters	199
5.14.3 Display the Virtual Drive Cache and Access Parameters	199
5.14.4 Manage Virtual Drives Initialization	200
5.14.5 Manage a Consistency Check	200
5.14.6 Schedule a Consistency Check	201
5.14.7 Manage a Background Initialization	201
5.14.8 Perform a Virtual Drive Reconstruction	202
5.14.9 Display Information about Virtual Drives and Drives	202
5.14.10 Display the Number of Virtual Drives	202
5.14.11 Clear the LDBBM Table Entries	203
5.14.12 Display the List of Virtual Drives with Preserved Cache	203
5.14.13 Discard the Preserved Cache of a Virtual Drive(s)	203
5.14.14 Expand a Virtual Drive	203
5.15 Drive-Related Options	204
5.15.1 Display Drive Information	204
5.15.2 Set the Drive State to Online	204
5.15.3 Set the Drive State to Offline	204
5.15.4 Change the Drive State to Unconfigured Good	205
5.15.5 Change the Drive State	205
5.15.6 Manage a Drive Initialization	206
5.15.7 Rebuild a Drive	206
5.15.8 Locate the Drive(s) and Activate LED	207
5.15.9 Mark the Configured Drive as Missing	207
5.15.10 Display the Drives in Missing Status	207
5.15.11 Replace the Configured Drives and Start an Automatic Rebuild	208
5.15.12 Prepare the Unconfigured Drive for Removal	208
5.15.13 Display Total Number of Drives	208
5.15.14 Display List of Physical Devices	208
5.15.15 Download Firmware to the Physical Devices	209
5.15.16 Configure All Free Drives into a RAID 0, 1, 5, or 6 Configuration for a Specific Controller	210
5.15.17 Set the Mapping Mode of the Drives to the Selected Controller(s)	211
5.15.18 Perform the Copyback Operation on the Selected Drive	211
5.16 Enclosure-Related Options	211
5.16.1 Display Enclosure Information	211
5.16.2 Display Enclosure Status	212
5.17 Flashing the Firmware	212
5.17.1 Flash the Firmware with the ROM File	212
5.17.2 Flash the Firmware in Mode 0 with the ROM File	212
5.18 SAS Topology	213
5.19 Diagnostic-Related Options	213
5.19.1 Start Controller Diagnostics	213
5.19.2 Start Battery Test	213
5.20 Recovery (Snapshot)-Related Options	213
5.20.1 Enable the Snapshot Feature	214
5.20.2 Disable the Snapshot Feature	214
5.20.3 Take Snapshot of Volume	214
5.20.4 Set the Snapshot Properties	215
5.20.5 Delete a Snapshot	215
5.20.6 Create a View	216
5.20.7 Delete a View	216
5.20.8 Rollback to an Old Snapshot	216
5.20.9 Display Snapshot and View Information	217
5.20.10 Clean the Recoverable Free Space on the Drives in a Virtual Drive	217
5.20.11 Display the Information for a Specific View	217
5.20.12 Enabling the Snapshot Scheduler	217
5.20.13 Displays the Read and Write Configuration File	218
5.21 FastPath-related Options	218
5.22 Dimmer Switch-Related Options	219
5.22.1 Display Selected Adapter Properties	219
5.22.2 Sets the Properties on the Selected Adapter	220
5.22.3 Displays the Power Saving Level on the Virtual Disk	220
5.22.4 Displays about Adding a RAID Level to a Specified Adapter	221
5.22.5 Displays creating a RAID Level	221
5.22.6 Displays about Adding the Unconfigured Drive to a Specified Adapter	223
5.22.7 Displays the cache and access policies	224
5.23 Miscellaneous Options	224
5.23.1 Display the MegaCLI Version	224
5.23.2 Display Help for MegaCLI	224
5.23.3 Summary Information	225
MegaRAID Storage Manager Overview and Installation	227
6.1 Overview	227
6.1.1 Creating Storage Configurations	227
6.1.2 Monitoring Storage Devices	227
6.1.3 Maintaining Storage Configurations	227
6.2 Hardware and Software Requirements	227
6.3 Prerequisites to Running MSM Remote Administration	228
6.4 Installing MegaRAID Storage Manager	228
6.4.1 Prerequisite for MSM Installation	228
6.4.2 Installing MegaRAID Storage Manager Software on Microsoft Windows	229
6.4.3 Installing MegaRAID Storage Manager for SPARC	232
6.4.4 Installing MegaRAID Storage Manager Software for Linux	233
6.4.5 Prerequisites for Installing MSM on RHEL6.0 x64 Operating System	234
6.4.6 Linux Error Messages	234
6.4.7 Kernel Upgrade	234
6.4.8 MSM Customization	235
6.5 MegaRAID Storage Manager Support and Installation on VMWare	235
6.5.1 Installing MegaRAID Storage Manager for VMWare Classic	235
6.5.2 Uninstalling MegaRAID Storage Manager for VMWare	236
6.5.3 MegaRAID Storage Manager Support on the VMWare ESXi Operating System	236
6.5.4 Limitations	238
6.6 Installing and Configuring a CIM Provider	240
6.6.1 Installing a CIM SAS Storage Provider on Linux	240
6.6.2 Installing a CIM SAS Storage Provider on Windows	241
6.7 Installing and Configuring an SNMP Agent	242
6.7.1 Prerequisite for LSI SNMP Agent RPM Installation	242
6.7.2 Installing and Configuring an SNMP Agent on Linux	242
6.7.3 Installing and Configuring an SNMP Agent on Solaris	244
6.7.4 Installing an SNMP Agent on Windows	246
6.8 MegaRAID Storage Manager Support and Installation on Solaris 10	247
6.8.1 Installing MegaRAID Storage Manager Software for Solaris 10	247
6.8.2 Uninstalling MegaRAID Storage Manager Software for Solaris 10	247
6.9 Prerequisites to Running MSM Remote Administration	248
MegaRAID Storage Manager Window and Menus	249
7.1 Starting MegaRAID Storage Manager Software	249
7.2 MegaRAID Storage Manager Main Menu	252
7.2.1 Dashboard/PhysicalView/Logic al View	252
7.2.2 Properties/Graphical View Tabs	258
7.2.3 Event Log Panel	258
7.2.4 Menu Bar	259
Configuration	261
8.1 Creating a New Storage Configuration	261
8.1.1 Selecting Virtual Drive Settings	261
8.1.2 Optimum Controller settings for CacheCade	263
8.1.3 Optimum Controller settings for FastPath	263
8.1.4 Creating a Virtual Drive Using Simple Configuration	263
8.1.5 Creating a Virtual Drive Using Advanced Configuration	268
8.2 Converting JBOD Drives to Unconfigured Good	273
8.2.1 Converting JBOD to Unconfigured Good from the MSM Window	274
8.3 Adding Hot Spare Drives	275
8.4 Changing Adjustable Task Rates	276
8.5 Changing Power Settings	277
8.5.1 Enhanced Dimmer Switch Power Settings	279
8.5.2 Power Save Settings - Advanced	281
8.5.3 Automatically Spin up Drives	282
8.5.4 Power-Save Mode	282
8.5.5 Power Save Mode - SSD Drives	283
8.6 Changing Virtual Drive Properties	283
8.7 Changing a Virtual Drive Configuration	285
8.7.1 Accessing the Modify Drive Group Wizard	285
8.7.2 Adding a Drive or Drives to a Configuration	286
8.7.3 Removing a Drive from a Configuration	289
8.7.4 Replacing a Drive	289
8.7.5 Migrating the RAID Level of a Virtual Drive	290
8.7.6 New Drives Attached to a MegaRAID Controller	292
8.8 Deleting a Virtual Drive	293
Monitoring System Events and Storage Devices	295
9.1 Monitoring System Events	295
9.2 Configuring Alert Notifications	296
9.2.1 Setting Alert Delivery Methods	298
9.2.2 Changing Alert Delivery Methods for Individual Events	298
9.2.3 Changing the Severity Level for Individual Events	299
9.2.4 Multiple Events Displayed in a Single Pop-up Window	300
9.2.5 Entering or Editing the Sender E-mail Address and SMTP Server	300
9.2.6 Authenticating a Server	301
9.2.7 Saving Backup Configurations	301
9.2.8 Loading Backup Configurations	302
9.2.9 Adding E-mail Addresses of Recipients of Alert Notifications	302
9.2.10 Testing E-mail Addresses of Recipients of Alert Notifications	303
9.2.11 Removing E-mail Addresses of Recipients of Alert Notifications	303
9.3 Monitoring Controllers	304
9.4 Monitoring Drives	305
9.5 Running a Patrol Read	306
9.5.1 Patrol Read Task Rates	308
9.6 Monitoring Virtual Drives	308
9.7 Monitoring Enclosures	309
9.8 Monitoring Battery Backup Units	309
9.8.1 Battery Learn Cycle	310
9.9 Monitoring Rebuilds and Other Processes	310
Maintaining and Managing Storage Configurations	313
10.1 Initializing a Virtual Drive	313
10.1.1 Running a Group Initialization	313
10.2 Running a Consistency Check	314
10.2.1 Setting the Consistency Check Settings	315
10.2.2 Scheduling a Consistency Check	316
10.2.3 Running a Group Consistency Check	317
10.3 Scanning for New Drives	318
10.4 Rebuilding a Drive	318
10.5 Making a Drive Offline or Missing	319
10.6 Upgrading the Firmware	319
Using MegaRAID® Advanced Software	321
11.1 MegaRAID Advanced Software	321
11.2 Recovery Advanced Software	321
11.2.1 MegaRAID Software Licensing	321
11.2.2 Managing MegaRAID Advanced Software	321
11.2.3 Activation Key	323
11.2.4 Advanced MegaRAID Software Status Summary	324
11.2.5 Application Scenarios and Messages	324
11.2.6 Activating an Unlimited Key Over a Trial Key	326
11.2.7 Configuring Keyvault (Re-hosting process)	329
11.2.8 Rehosting Complete	330
11.2.9 Deactivate Trial Software	331
11.2.10 MegaRAID Recovery	332
11.2.11 Recovery Scenarios	332
11.2.12 Enabling the Recovery Advanced Software	333
11.2.13 Snapshot Repository	334
11.2.14 Selecting the Virtual Drive	336
11.2.15 Scheduling Snapshots	337
11.2.16 Editing Snapshots	338
11.2.17 Snapshot Base Details	339
11.2.18 Manage Snapshots	340
11.2.19 Editing Schedule	342
11.2.20 Advanced Settings	342
11.2.21 Create View	343
11.2.22 Viewing Snapshot Details	344
11.2.23 No View Details for Snapshot	345
11.2.24 No Snapshot Schedule	346
11.2.25 Creating Views	347
11.2.26 Restoring by Rolling Back to a Snapshot	348
11.2.27 Restoring from a View	349
11.2.28 Deleting a Snapshot	349
11.3 CacheCade Advanced Software	349
11.3.1 Using the CacheCade Advanced Software	349
11.4 FastPath Advanced Software	353
11.4.1 Setting FastPath Options	353
11.5 LSI SafeStore Encryption Services	354
11.5.1 Enabling Drive Security using EKM	355
11.5.2 Supporting EKM mode	355
11.5.3 Change Security Settings- LKM	357
11.5.4 Change Security Settings - EKM	360
11.5.5 Importing Foreign Drives	361
11.5.6 Importing Foreign Drives to LKM	362
11.5.7 Importing Foreign Drives to EKM	362
11.5.8 Importing Foreign Drives to EKM	363
11.5.9 Enabling Drive Security using LKM	364
11.5.10 Changing the Drive Security Settings	367
11.5.11 Disabling Drive Security	368
11.5.12 Importing or Clearing a Foreign Configuration	369
Events and Messages	373
A.1 Error Levels	373
A.2 Event Messages	373
MegaCLI Error Messages	387
B.1 Error Messages and Descriptions	387
Glossary	391
Notices	398

Match case Limit results 1 per page

Page 47

MegaRAID SAS Software User Guide

Chapter 3: SafeStore Disk Encryption

Overview

Chapter 3

3.1

Overview

The SafeStore Disk Encryption service offers the ability to encrypt data on drives and

use disk-based key management to provide data security. This solution provides data

protection in the event of theft or loss of physical drives. With self-encrypting drives, if

you remove a drive from its storage system or the server it is housed in, the data on that

drive is encrypted and useless to anyone who attempts to access without the

appropriate security authorization.

With the SafeStore encryption service, data is encrypted by the drives. You can

designate which data to encrypt at the individual virtual disk (VD) level.

Any encryption solution requires management of the encryption keys. The security

service provides a way to manage these keys. Both the WebBIOS Configuration Utility

(

Chapter 4

) and MegaRAID Storage Manager (

Chapter 11

) offer procedures that you

can use to manage the security settings for the drives.

3.2

Purpose and Benefits

Security is a growing market concern and requirement. MegaRAID customers are

looking for a comprehensive storage encryption solution to protect data. You can use

the SafeStore encryption service to help protect your data.

In addition, SafeStore local key management removes the administrator from most of

the daily tasks of securing data, thereby reducing user error and decreasing the risk of

data loss. Also, SafeStore local key management supports instant secure erase of drives

that permanently removes data when repurposing or decommissioning drives. These

services provide a much more secure level of data erasure than other common erasure

methods, such as overwriting or degaussing.

SafeStore Disk Encryption

This chapter describes the SafeStore™ Disk Encryption service. The SafeStore Disk

Encryption service is a collection of features within storage products that supports

self-encrypting disks. SafeStore encryption services supports Local Key Management.