10.1 Self Encrypting Drive (SED) Initial Setup
- In the Enterprise View, select a controller.
- On the ribbon, in the Controller group, select
the Security settings.
- Click the Security Settings ribbon icon to open a
dialog based on the following criteria.
- If the controller only supports maxCrypto. For more details, see 9 Working with maxCrypto™ Devices.
- If the controller only supports Managed SED. For more details, see 10 Working with Self Encrypting Drive (SED) Based Encryption.
- If the controller only supports SPDM. For more details, see 11 Working with Security Protocol and Data Model (SPDM).
- If the controller
supports maxCrypto, Managed SED, and Security Protocol
and Data Model (SPDM) but neither are configured, perform the
following steps for SED Intial Setup.
- Click the
Security Settings ribbon icon to display the Security
Settings dialog box.
- Select Self
Encrypting Drive (SED) Based Encryption option and then
click OK. The Self Encrypting Drive (SED) Based Encryption
dialog box appears, which is explained further in this
section.
- Click the
Security Settings ribbon icon to display the Security
Settings dialog box.
- Select the Initial Setup tab to do the initial configuration of the SED based encryption settings.
- Key Management Mode: This property manages the master key based on the mode. Currently, maxView supports both Local and Remote key management mode. For Remote key mode, you need to configure the KMS server using pre-boot.
- Master Key: This property is used to set the unique key.
- It must consist of all the printable ASCII characters and length should be 8-32 characters long
- It must consist of at least one uppercase character
- It must consist of at least one lowercase character
- It must consist of at least one number
- It must consist of at least one special character
(#, @, $...)
The Master Key should be remembered or stored manually. There is no option to retrieve it; however, you can reset the Master Key.
Note: This field is applicable only for Local Mode and is disabled in Remote Mode.
- Re-Enter Master Key: This should match to
the entered master key.Note: This field is applicable only for Local Mode.
- Master Key Identifier: Master key
identifier is a hint that helps to remember master key. It is optional
and must be between 0 and 32 character long and should contain only
ASCII characters.Note: This field is applicable only for Local Mode and is disabled in Remote Mode.
- Set Controller Password: The Controller Password is an optional setting. Check the Set Controller Password check box to enable the controller password during initial setup.
- Controller Password: This is for
additional security. If a controller password is set, all SED physical
and logical devices are offline at the boot time. Enter the controller
password to bring the SED devices online. It is recommended to use the
same controller password for all encrypted controllers in the server.
When enabled, the controller does not use the master key to unlock any SEDs until the password is supplied and validated.
Note: This field is applicable only for Local Mode and is disabled in Remote Mode. - Re-Enter Controller Password: This must
match to the entered controller password.Note: This field is applicable only for Local Mode and is disabled in Remote Mode.
- Click OK. Note: For Remote key management mode configuration, a manual reboot is required to take effect. The status of the Encryption Status will be “Enabled, Waiting on Master Key” and most of the operation is not allowed until the system reboots.
The following message is displayed when the Set Controller Password is selected:
Please record the Master Key. There is no way for recovering or displaying the Master Key once the value is set. Failure to provide the Master Key may result in encrypted data being inaccessible.
Once user select the Set Controller Password, the following message gets displayed:
If a controller password is set, all encrypted logical device will be offline at boot time. The user must enter the controller password to bring the encrypted logical device online. It is recommended to use the same controller password for all encrypted controllers in the server.
After the successful completion, the status dialog gets displayed with the Controller and Master Key details.Note: This dialog box is applicable only for Local Key Management Mode.