
HX Self-Encrypting Drives – Cisco HyperFlex Overview

Self-encrypting drives (SEDs) have special hardware that encrypts incoming data and decrypts outgoing data in real-time. The data on the disk is always stored in encrypted form. A media encryption key controls this encryption and decryption. This key is never stored in the processor or memory.

A security key, also known as a key-encryption key or an authentication passphrase, is used to encrypt the media encryption key. To enable SED, you must provide a security key. If the disk is not locked, no key is required to fetch the data.

The Cisco HyperFlex system enables you to configure security keys locally or remotely. When you configure the key locally, you must remember the key. If you forget the key, it cannot be retrieved, and the data is lost if the drive power cycles. You can configure the key remotely by using a key management server (also known as a KMIP server). This method addresses the safekeeping and retrieval issues that come with managing keys locally.

Encryption and decryption for SEDs are done in hardware, so they do not affect overall system performance. SEDs reduce disk retirement and redeployment costs through instantaneous cryptographic erasure. Cryptographic erasure is done by changing the media encryption key. When the media encryption key of a disk is changed, the data on the disk cannot be decrypted and is immediately rendered unusable.
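The key hierarchy described above, as an added conceptual model (not code from the original page, from Cisco, or from any drive firmware): a security key wraps the media encryption key, a power cycle locks the drive, and cryptographic erasure replaces the media encryption key. The `ModelSED` class, its method names, the PBKDF2 derivation and the SHA-256 keystream standing in for the hardware cipher are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter keystream standing in for the drive's hardware cipher (assumption).
    ks = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _kek(security_key: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", security_key.encode(), salt, 100_000)  # key-encryption key

class ModelSED:
    """Conceptual model of the key hierarchy; not HyperFlex or drive firmware code."""
    def __init__(self):
        self._mek = secrets.token_bytes(32)  # media encryption key, never leaves the drive
        self._salt = self._wrapped = self._tag = None
        self._media = b""                    # the media only ever holds ciphertext

    def _key(self) -> bytes:
        if self._mek is None:
            raise PermissionError("drive is locked")
        return self._mek

    def write(self, data: bytes) -> None:
        self._media = _xor_stream(self._key(), data)
    def read(self) -> bytes:
        return _xor_stream(self._key(), self._media)

    def enable(self, security_key: str) -> None:
        # Wrap the MEK under the KEK; data already on the media is not re-encrypted.
        self._salt = secrets.token_bytes(16)
        kek = _kek(security_key, self._salt)
        self._wrapped = _xor_stream(kek, self._key())
        self._tag = hmac.new(kek, self._wrapped, "sha256").digest()

    def power_cycle(self) -> None:
        if self._wrapped is not None:
            self._mek = None                 # locked: only the wrapped MEK survives

    def unlock(self, security_key: str) -> bool:
        if self._wrapped is None:
            return True                      # security never enabled: nothing to unlock
        kek = _kek(security_key, self._salt)
        if not hmac.compare_digest(self._tag, hmac.new(kek, self._wrapped, "sha256").digest()):
            return False                     # wrong key: the MEK stays unrecoverable
        self._mek = _xor_stream(kek, self._wrapped)
        return True

    def crypto_erase(self) -> None:
        self._mek = secrets.token_bytes(32)  # new MEK: old ciphertext can no longer be decrypted
        self._salt = self._wrapped = self._tag = None
```

In the model, enabling security changes only the wrapping of the media encryption key, which is why a forgotten local key leaves the data unreadable after a power cycle even though the ciphertext on the media is intact.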

Configuring a Local Encryption Key

To configure a local encryption key, follow these steps:

Step 1. On the Cisco HyperFlex Connect navigation pane, choose Encryption.

Step 2. On the Encryption page, click Configure Encryption.

Step 3. Enter the Cisco UCS Manager credentials shown in Table 15-2.

Table 15-2 Local Encryption Cisco UCS Manager Credentials Information

Click Next.

Step 4. To secure the HyperFlex cluster using an encryption key generated and stored locally, select Local Key. Then click Next.

Step 5. Enter the encryption key (passphrase) for this cluster.

Note

Enter exactly 32 alphanumeric characters.

Step 6. Click Enable Encryption.
