Home » Lenovo Manuals » Servers » Lenovo ThinkServer RD330 » Manual Viewer

Lenovo ThinkServer RD330 MegaRAID SAS Software User Guide - Page 48

Terminology, Workflow

View all Lenovo ThinkServer RD330 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 48 highlights

Chapter 3: SafeStore Disk Encryption | Terminology MegaRAID SAS Software User Guide 3.3 Terminology Table 19 describes the terminology related to the SafeStore encryption feature. Table 19: Terminology used in FDE Option Authenticated Mode Blob Key backup Password Re-provisioning Security Key Un-Authenticated Mode Volume Encryption Keys (VEK) Description The RAID configuration is keyed to a user password. The password must be provided on system boot to authenticate the user and facilitate unlocking the configuration for user access to the encrypted data. A blob is created by encrypting a key(s) using another key. There are two types of blob in the system - encryption key blob and security key blob. You need to provide the controller with a lock key if the controller is replaced or if you choose to migrate secure virtual disks. To do this, you must back up the security key. An optional authenticated mode is supported in which you must provide a password on each boot to make sure the system boots only if the user is authenticated. Firmware uses the user password to encrypt the security key in the security key blob stored on the controller. Re-provisioning disables the security system of a device. For a controller, it involves destroying the security key. For SafeStore encrypted drives, when the drive lock key is deleted, the drive is unlocked and any user data on the drive is securely deleted. This does not apply to controller-encrypted drives, because deleting the virtual disk destroys the encryption keys and causes a secure erase. See Section 3.5, Instant Secure Erase, for information about the instant secure erase feature. A key based on a user-provided string. The controller uses the security key to lock and unlock access to the secure user data. This key is encrypted into the security key blob and stored on the controller. If the security key is unavailable, user data is irretrievably lost. You must take all precautions to never lose the security key. This mode allows controller to boot and unlock access to user configuration without user intervention. In this mode, the security key is encrypted into a security key blob, stored on the controller, but instead of a user password, an internal key specific to the controller is used to create the security key blob. The controller uses the Volume Encryption Keys to encrypt data when a controller-encrypted virtual disk is created. These keys are not available to the user. The firmware (FW) uses a unique 512-bit key for each virtual disk. The VEK for the VDs are stored on the physical disks in a VEK blob. 3.4 Workflow 3.4.1 Enable Security 3.4.1.1 Create the Security Key Identifier 3.4.1.2 Create the Security Key You can enable security on the controller. After you enable security, you have the option to create secure virtual drives using a security key. There are three procedures you can perform to create secure virtual drives using a security key:  Create the security key identifier  Create the security key  Create a password (optional) The security key identifier appears whenever you enter the security key. If you have multiple security keys, the identifier helps you determine which security key to enter. The controller provides a default identifier for you. You can use the default or enter your own identifier. You need to enter the security key to perform certain operations. You can choose a strong security key that the controller suggests. Page 48

Section	Page
MegaRAID® SAS Software User Guide	13
1.1 SAS Technology	13
1.2 Serial-attached SCSI Device Interface	14
1.3 Serial ATA II Features	14
1.4 Solid State Drive Features	15
1.4.1 Solid State Drive Guard	15
1.5 Dimmer Switch Feature	16
1.6 UEFI 2.0 Support	16
1.7 Configuration Scenarios	16
1.7.1 Valid Drive Mix Configurations with HDDs and CacheCade – SSD Caching software	18
1.8 Technical Support	18
Introduction to RAID	21
2.1 RAID Description	21
2.2 RAID Benefits	21
2.3 RAID Functions	21
2.4 Components and Features	21
2.4.1 Drive Group	22
2.4.2 Virtual Drive	22
2.4.3 Fault Tolerance	22
2.4.4 Consistency Check	23
2.4.5 Copyback	23
2.4.6 Background Initialization	24
2.4.7 Patrol Read	25
2.4.8 Disk Striping	25
2.4.9 Disk Mirroring	25
2.4.10 Parity	26
2.4.11 Disk Spanning	27
2.4.12 Hot Spares	28
2.4.13 Disk Rebuilds	29
2.4.14 Rebuild Rate	30
2.4.15 Hot Swap	30
2.4.16 Drive States	30
2.4.17 Virtual Drive States	31
2.4.18 Beep Codes	31
2.4.19 Enclosure Management	31
2.5 RAID Levels	31
2.5.1 Summary of RAID Levels	32
2.5.2 Selecting a RAID Level	32
2.5.3 RAID 0	33
2.5.4 RAID 1	33
2.5.5 RAID 5	34
2.5.6 RAID 6	35
2.5.7 RAID 00	36
2.5.8 RAID 10	37
2.5.9 RAID 50	38
2.5.10 RAID 60	39
2.6 RAID Configuration Strategies	40
2.6.1 Maximizing Fault Tolerance	41
2.6.2 Maximizing Performance	42
2.6.3 Maximizing Storage Capacity	43
2.7 RAID Availability	44
2.7.1 RAID Availability Concept	44
2.8 Configuration Planning	45
2.9 Number of Drives	45
2.9.1 Drive Group Purpose	45
SafeStore Disk Encryption	47
3.1 Overview	47
3.2 Purpose and Benefits	47
3.3 Terminology	48
3.4 Workflow	48
3.4.1 Enable Security	48
3.4.2 Change Security	49
3.4.3 Create Secure Virtual Drives	49
3.4.4 Import a Foreign Configuration	50
3.5 Instant Secure Erase	50
WebBIOS Configuration Utility	53
4.1 Overview	53
4.2 Starting the WebBIOS CU	53
4.3 WebBIOS CU Main Screen Options	54
4.4 Managing Software Licensing	56
4.4.1 Managing MegaRAID Advanced Software Options	56
4.4.2 Reusing the Activation Key	59
4.4.3 Managing Advanced Software Summary	60
4.4.4 Activating an Unlimited Key Over a Trial Key	61
4.4.5 Activating a Trial Software	61
4.4.6 Activating an Unlimited Key	62
4.4.7 Securing MegaRAID Advanced Software	62
4.4.8 Confirm Rehosting Process	62
4.4.9 Rehosting Process Complete	63
4.5 Creating a Storage Configuration	64
4.5.1 Selecting the Configuration with the Configuration Wizard	64
4.5.2 Using Automatic Configuration	67
4.5.3 Using Manual Configuration	68
4.6 Creating a CacheCade Configuration	105
4.7 Selecting SafeStore Encryption Services Security Options	110
4.7.1 Enabling the Security Key Identifier, Security Key, and Password	110
4.7.2 Enabling Drive Security using EKM	115
4.7.3 Changing the Security Key Identifier, Security Key, and Pass Phrase	116
4.7.4 Change Security from EKM to LKM	117
4.7.5 Changing Security from LKM to EKM	122
4.7.6 Disabling the Drive Security Settings	123
4.8 Viewing and Changing Device Properties	125
4.8.1 Viewing Controller Properties	125
4.8.2 Viewing Virtual Drive Properties, Policies, and Operations	130
4.8.3 Viewing Drive Properties	131
4.8.4 Viewing and Changing Battery Backup Unit Information	133
4.9 Expanding a Virtual Drive	136
4.10 Using MegaRAID Recovery	137
4.10.1 Recovery Scenarios	138
4.10.2 Enabling the Recovery Advanced Software	138
4.10.3 Creating Snapshots and Views	141
4.10.4 Creating Concurrent Snapshots	145
4.10.5 Selecting the Snapshot Settings	146
4.10.6 Viewing Snapshot Properties	148
4.10.7 Restoring a Virtual Drive by Rolling Back to a Snapshot	150
4.10.8 Cleaning up a Snapshot Repository	152
4.11 Viewing System Event Information	154
4.12 Managing Configurations	156
4.12.1 Running a Consistency Check	156
4.12.2 Deleting a Virtual Drive	156
4.12.3 Importing or Clearing a Foreign Configuration	156
4.12.4 Importing Foreign Configurations	160
4.12.5 Import Foreign Drives in EKM/EKM Secured Locked Drives	160
4.12.6 Import Foreign Drives for LKM Secured Locked Drives	161
4.12.7 Import Foreign Drives in LKM /EKM Secured Locked Drives	161
4.12.8 Migrating the RAID Level of a Virtual Drive	162
4.12.9 New Drives Attached to a MegaRAID Controller	163
4.13 WebBIOS Dimmer Switch	164
4.13.1 Power-Save mode	170
4.13.2 Power Save Settings-Advanced	171
4.13.3 Power-Save While Creating Virtual Drives	172
MegaRAID Command Tool	173
5.1 Product Overview	173
5.2 Novell NetWare, SCO, Solaris, FreeBSD, and DOS Operating System Support	174
5.3 Command Line Abbreviations and Conventions	175
5.3.1 Abbreviations Used in the Command Line	175
5.3.2 Conventions	175
5.4 Pre-boot MegaCLI	176
5.5 CacheCade - SSD Caching Related Options	177
5.5.1 Create a Solid State Drive Cache Drive to Use as Secondary Cache	178
5.5.2 Delete a Solid State Drive Cache Drive	178
5.6 Software License Key	178
5.7 SafeStore Security Options	179
5.7.1 Use Instant Secure Erase on a Physical Drive	179
5.7.2 Secure Data on a Virtual Drive	179
5.7.3 Destroy the Security Key	180
5.7.4 Create a Security Key	180
5.7.5 Drive Security Key	180
5.7.6 Change the Security Key	181
5.7.7 Get the Security Key ID	181
5.7.8 Set the Security Key ID	181
5.7.9 Verify the Security Key	182
5.8 Controller Property-Related Options	182
5.8.1 Display Controller Properties	182
5.8.2 Display Number of Controllers Supported	182
5.8.3 Enable or Disable Automatic Rebuild	182
5.8.4 Flush Controller Cache	183
5.8.5 Set Controller Properties	183
5.8.6 Display Specified Controller Properties	185
5.8.7 Set Factory Defaults	185
5.8.8 Set SAS Address	185
5.8.9 Set Time and Date on Controller	185
5.8.10 Display Time and Date on Controller	186
5.8.11 Get Connector Mode	186
5.8.12 Set Connector Mode	186
5.9 Patrol Read-Related Controller Properties	187
5.9.1 Set Patrol Read Options	187
5.9.2 Set Patrol Read Delay Interval	187
5.10 BIOS-Related Properties	187
5.10.1 Set or Display Bootable Virtual Drive ID	187
5.10.2 Select BIOS Status Options	188
5.11 Battery Backup Unit-Related Properties	188
5.11.1 Display BBU Information	188
5.11.2 Display BBU Status Information	189
5.11.3 Display BBU Capacity	190
5.11.4 Display BBU Design Parameters	190
5.11.5 Display Current BBU Properties	191
5.11.6 Start BBU Learning Cycle	191
5.11.7 Place Battery in Low-Power Storage Mode	191
5.11.8 Set BBU Properties	192
5.12 Options for Displaying Logs Kept at the Firmware Level	192
5.12.1 Event Log Management	192
5.12.2 Set BBU Terminal Logging	193
5.13 Configuration-Related Options	193
5.13.1 Create a RAID Drive Group from All Unconfigured Good Drives	193
5.13.2 Add RAID 0, 1, 5, or 6 Configuration	195
5.13.3 Add RAID 10, 50, or 60 Configuration	196
5.13.4 Clear the Existing Configuration	196
5.13.5 Save the Configuration on the Controller	196
5.13.6 Restore the Configuration Data from File	197
5.13.7 Manage Foreign Configuration Information	197
5.13.8 Delete Specified Virtual Drive(s)	198
5.13.9 Display the Free Space	198
5.14 Virtual Drive-Related Options	198
5.14.1 Display Virtual Drive Information	198
5.14.2 Change the Virtual Drive Cache and Access Parameters	199
5.14.3 Display the Virtual Drive Cache and Access Parameters	199
5.14.4 Manage Virtual Drives Initialization	200
5.14.5 Manage a Consistency Check	200
5.14.6 Schedule a Consistency Check	201
5.14.7 Manage a Background Initialization	201
5.14.8 Perform a Virtual Drive Reconstruction	202
5.14.9 Display Information about Virtual Drives and Drives	202
5.14.10 Display the Number of Virtual Drives	202
5.14.11 Clear the LDBBM Table Entries	203
5.14.12 Display the List of Virtual Drives with Preserved Cache	203
5.14.13 Discard the Preserved Cache of a Virtual Drive(s)	203
5.14.14 Expand a Virtual Drive	203
5.15 Drive-Related Options	204
5.15.1 Display Drive Information	204
5.15.2 Set the Drive State to Online	204
5.15.3 Set the Drive State to Offline	204
5.15.4 Change the Drive State to Unconfigured Good	205
5.15.5 Change the Drive State	205
5.15.6 Manage a Drive Initialization	206
5.15.7 Rebuild a Drive	206
5.15.8 Locate the Drive(s) and Activate LED	207
5.15.9 Mark the Configured Drive as Missing	207
5.15.10 Display the Drives in Missing Status	207
5.15.11 Replace the Configured Drives and Start an Automatic Rebuild	208
5.15.12 Prepare the Unconfigured Drive for Removal	208
5.15.13 Display Total Number of Drives	208
5.15.14 Display List of Physical Devices	208
5.15.15 Download Firmware to the Physical Devices	209
5.15.16 Configure All Free Drives into a RAID 0, 1, 5, or 6 Configuration for a Specific Controller	210
5.15.17 Set the Mapping Mode of the Drives to the Selected Controller(s)	211
5.15.18 Perform the Copyback Operation on the Selected Drive	211
5.16 Enclosure-Related Options	211
5.16.1 Display Enclosure Information	211
5.16.2 Display Enclosure Status	212
5.17 Flashing the Firmware	212
5.17.1 Flash the Firmware with the ROM File	212
5.17.2 Flash the Firmware in Mode 0 with the ROM File	212
5.18 SAS Topology	213
5.19 Diagnostic-Related Options	213
5.19.1 Start Controller Diagnostics	213
5.19.2 Start Battery Test	213
5.20 Recovery (Snapshot)-Related Options	213
5.20.1 Enable the Snapshot Feature	214
5.20.2 Disable the Snapshot Feature	214
5.20.3 Take Snapshot of Volume	214
5.20.4 Set the Snapshot Properties	215
5.20.5 Delete a Snapshot	215
5.20.6 Create a View	216
5.20.7 Delete a View	216
5.20.8 Rollback to an Old Snapshot	216
5.20.9 Display Snapshot and View Information	217
5.20.10 Clean the Recoverable Free Space on the Drives in a Virtual Drive	217
5.20.11 Display the Information for a Specific View	217
5.20.12 Enabling the Snapshot Scheduler	217
5.20.13 Displays the Read and Write Configuration File	218
5.21 FastPath-related Options	218
5.22 Dimmer Switch-Related Options	219
5.22.1 Display Selected Adapter Properties	219
5.22.2 Sets the Properties on the Selected Adapter	220
5.22.3 Displays the Power Saving Level on the Virtual Disk	220
5.22.4 Displays about Adding a RAID Level to a Specified Adapter	221
5.22.5 Displays creating a RAID Level	221
5.22.6 Displays about Adding the Unconfigured Drive to a Specified Adapter	223
5.22.7 Displays the cache and access policies	224
5.23 Miscellaneous Options	224
5.23.1 Display the MegaCLI Version	224
5.23.2 Display Help for MegaCLI	224
5.23.3 Summary Information	225
MegaRAID Storage Manager Overview and Installation	227
6.1 Overview	227
6.1.1 Creating Storage Configurations	227
6.1.2 Monitoring Storage Devices	227
6.1.3 Maintaining Storage Configurations	227
6.2 Hardware and Software Requirements	227
6.3 Prerequisites to Running MSM Remote Administration	228
6.4 Installing MegaRAID Storage Manager	228
6.4.1 Prerequisite for MSM Installation	228
6.4.2 Installing MegaRAID Storage Manager Software on Microsoft Windows	229
6.4.3 Installing MegaRAID Storage Manager for SPARC	232
6.4.4 Installing MegaRAID Storage Manager Software for Linux	233
6.4.5 Prerequisites for Installing MSM on RHEL6.0 x64 Operating System	234
6.4.6 Linux Error Messages	234
6.4.7 Kernel Upgrade	234
6.4.8 MSM Customization	235
6.5 MegaRAID Storage Manager Support and Installation on VMWare	235
6.5.1 Installing MegaRAID Storage Manager for VMWare Classic	235
6.5.2 Uninstalling MegaRAID Storage Manager for VMWare	236
6.5.3 MegaRAID Storage Manager Support on the VMWare ESXi Operating System	236
6.5.4 Limitations	238
6.6 Installing and Configuring a CIM Provider	240
6.6.1 Installing a CIM SAS Storage Provider on Linux	240
6.6.2 Installing a CIM SAS Storage Provider on Windows	241
6.7 Installing and Configuring an SNMP Agent	242
6.7.1 Prerequisite for LSI SNMP Agent RPM Installation	242
6.7.2 Installing and Configuring an SNMP Agent on Linux	242
6.7.3 Installing and Configuring an SNMP Agent on Solaris	244
6.7.4 Installing an SNMP Agent on Windows	246
6.8 MegaRAID Storage Manager Support and Installation on Solaris 10	247
6.8.1 Installing MegaRAID Storage Manager Software for Solaris 10	247
6.8.2 Uninstalling MegaRAID Storage Manager Software for Solaris 10	247
6.9 Prerequisites to Running MSM Remote Administration	248
MegaRAID Storage Manager Window and Menus	249
7.1 Starting MegaRAID Storage Manager Software	249
7.2 MegaRAID Storage Manager Main Menu	252
7.2.1 Dashboard/PhysicalView/Logic al View	252
7.2.2 Properties/Graphical View Tabs	258
7.2.3 Event Log Panel	258
7.2.4 Menu Bar	259
Configuration	261
8.1 Creating a New Storage Configuration	261
8.1.1 Selecting Virtual Drive Settings	261
8.1.2 Optimum Controller settings for CacheCade	263
8.1.3 Optimum Controller settings for FastPath	263
8.1.4 Creating a Virtual Drive Using Simple Configuration	263
8.1.5 Creating a Virtual Drive Using Advanced Configuration	268
8.2 Converting JBOD Drives to Unconfigured Good	273
8.2.1 Converting JBOD to Unconfigured Good from the MSM Window	274
8.3 Adding Hot Spare Drives	275
8.4 Changing Adjustable Task Rates	276
8.5 Changing Power Settings	277
8.5.1 Enhanced Dimmer Switch Power Settings	279
8.5.2 Power Save Settings - Advanced	281
8.5.3 Automatically Spin up Drives	282
8.5.4 Power-Save Mode	282
8.5.5 Power Save Mode - SSD Drives	283
8.6 Changing Virtual Drive Properties	283
8.7 Changing a Virtual Drive Configuration	285
8.7.1 Accessing the Modify Drive Group Wizard	285
8.7.2 Adding a Drive or Drives to a Configuration	286
8.7.3 Removing a Drive from a Configuration	289
8.7.4 Replacing a Drive	289
8.7.5 Migrating the RAID Level of a Virtual Drive	290
8.7.6 New Drives Attached to a MegaRAID Controller	292
8.8 Deleting a Virtual Drive	293
Monitoring System Events and Storage Devices	295
9.1 Monitoring System Events	295
9.2 Configuring Alert Notifications	296
9.2.1 Setting Alert Delivery Methods	298
9.2.2 Changing Alert Delivery Methods for Individual Events	298
9.2.3 Changing the Severity Level for Individual Events	299
9.2.4 Multiple Events Displayed in a Single Pop-up Window	300
9.2.5 Entering or Editing the Sender E-mail Address and SMTP Server	300
9.2.6 Authenticating a Server	301
9.2.7 Saving Backup Configurations	301
9.2.8 Loading Backup Configurations	302
9.2.9 Adding E-mail Addresses of Recipients of Alert Notifications	302
9.2.10 Testing E-mail Addresses of Recipients of Alert Notifications	303
9.2.11 Removing E-mail Addresses of Recipients of Alert Notifications	303
9.3 Monitoring Controllers	304
9.4 Monitoring Drives	305
9.5 Running a Patrol Read	306
9.5.1 Patrol Read Task Rates	308
9.6 Monitoring Virtual Drives	308
9.7 Monitoring Enclosures	309
9.8 Monitoring Battery Backup Units	309
9.8.1 Battery Learn Cycle	310
9.9 Monitoring Rebuilds and Other Processes	310
Maintaining and Managing Storage Configurations	313
10.1 Initializing a Virtual Drive	313
10.1.1 Running a Group Initialization	313
10.2 Running a Consistency Check	314
10.2.1 Setting the Consistency Check Settings	315
10.2.2 Scheduling a Consistency Check	316
10.2.3 Running a Group Consistency Check	317
10.3 Scanning for New Drives	318
10.4 Rebuilding a Drive	318
10.5 Making a Drive Offline or Missing	319
10.6 Upgrading the Firmware	319
Using MegaRAID® Advanced Software	321
11.1 MegaRAID Advanced Software	321
11.2 Recovery Advanced Software	321
11.2.1 MegaRAID Software Licensing	321
11.2.2 Managing MegaRAID Advanced Software	321
11.2.3 Activation Key	323
11.2.4 Advanced MegaRAID Software Status Summary	324
11.2.5 Application Scenarios and Messages	324
11.2.6 Activating an Unlimited Key Over a Trial Key	326
11.2.7 Configuring Keyvault (Re-hosting process)	329
11.2.8 Rehosting Complete	330
11.2.9 Deactivate Trial Software	331
11.2.10 MegaRAID Recovery	332
11.2.11 Recovery Scenarios	332
11.2.12 Enabling the Recovery Advanced Software	333
11.2.13 Snapshot Repository	334
11.2.14 Selecting the Virtual Drive	336
11.2.15 Scheduling Snapshots	337
11.2.16 Editing Snapshots	338
11.2.17 Snapshot Base Details	339
11.2.18 Manage Snapshots	340
11.2.19 Editing Schedule	342
11.2.20 Advanced Settings	342
11.2.21 Create View	343
11.2.22 Viewing Snapshot Details	344
11.2.23 No View Details for Snapshot	345
11.2.24 No Snapshot Schedule	346
11.2.25 Creating Views	347
11.2.26 Restoring by Rolling Back to a Snapshot	348
11.2.27 Restoring from a View	349
11.2.28 Deleting a Snapshot	349
11.3 CacheCade Advanced Software	349
11.3.1 Using the CacheCade Advanced Software	349
11.4 FastPath Advanced Software	353
11.4.1 Setting FastPath Options	353
11.5 LSI SafeStore Encryption Services	354
11.5.1 Enabling Drive Security using EKM	355
11.5.2 Supporting EKM mode	355
11.5.3 Change Security Settings- LKM	357
11.5.4 Change Security Settings - EKM	360
11.5.5 Importing Foreign Drives	361
11.5.6 Importing Foreign Drives to LKM	362
11.5.7 Importing Foreign Drives to EKM	362
11.5.8 Importing Foreign Drives to EKM	363
11.5.9 Enabling Drive Security using LKM	364
11.5.10 Changing the Drive Security Settings	367
11.5.11 Disabling Drive Security	368
11.5.12 Importing or Clearing a Foreign Configuration	369
Events and Messages	373
A.1 Error Levels	373
A.2 Event Messages	373
MegaCLI Error Messages	387
B.1 Error Messages and Descriptions	387
Glossary	391
Notices	398

Match case Limit results 1 per page

Page 48

MegaRAID SAS Software User Guide

Chapter 3: SafeStore Disk Encryption

Terminology

3.3

Terminology

Table 19

describes the terminology related to the SafeStore encryption feature.

3.4

Workflow

3.4.1

Enable Security

You can enable security on the controller. After you enable security, you have the

option to create secure virtual drives using a security key.

There are three procedures you can perform to create secure virtual drives using a

security key:



Create the security key identifier



Create the security key



Create a password (optional)

3.4.1.1

Create the Security Key

Identifier

The security key identifier appears whenever you enter the security key. If you have

multiple security keys, the identifier helps you determine which security key to enter.

The controller provides a default identifier for you. You can use the default or enter your

own identifier.

3.4.1.2

Create the Security Key

You need to enter the security key to perform certain operations. You can choose a

strong security key that the controller suggests.

Table 19:

Terminology used in FDE

Option

Description

Authenticated Mode

The RAID configuration is keyed to a user password. The password must be provided on system boot to

authenticate the user and facilitate unlocking the configuration for user access to the encrypted data.

Blob

A blob is created by encrypting a key(s) using another key. There are two types of blob in the system –

encryption key blob and security key blob.

Key backup

You need to provide the controller with a lock key if the controller is replaced or if you choose to migrate

secure virtual disks. To do this, you must back up the security key.

Password

An optional authenticated mode is supported in which you must provide a password on each boot to

make sure the system boots only if the user is authenticated. Firmware uses the user password to encrypt

the security key in the security key blob stored on the controller.

Re-provisioning

Re-provisioning disables the security system of a device. For a controller, it involves destroying the

security key. For SafeStore encrypted drives, when the drive lock key is deleted, the drive is unlocked and

any user data on the drive is securely deleted. This does not apply to controller-encrypted drives, because

deleting the virtual disk destroys the encryption keys and causes a secure erase. See

Section 3.5,

Instant

Secure Erase

, for information about the instant secure erase feature.

Security Key

A key based on a user-provided string. The controller uses the security key to lock and unlock access to the

secure user data. This key is encrypted into the security key blob and stored on the controller. If the

security key is unavailable, user data is irretrievably lost. You must take all precautions to never lose the

security key.

Un-Authenticated Mode

This mode allows controller to boot and unlock access to user configuration without user intervention. In

this mode, the security key is encrypted into a security key blob, stored on the controller, but instead of a

user password, an internal key specific to the controller is used to create the security key blob.

Volume Encryption Keys (VEK)

The controller uses the Volume Encryption Keys to encrypt data when a controller-encrypted virtual disk

is created. These keys are not available to the user. The firmware (FW) uses a unique 512-bit key for each

virtual disk. The VEK for the VDs are stored on the physical disks in a VEK blob.