Enabling Drive Security

Ensure that MFC settings related to security are enabled in the firmware.

Perform the following steps to enable security on the drives.

  1. In the Controller dashboard, select More Actions > Enable Drive Security.
  2. Select the Local Key Management (LKM) option from the Choose the security key management mode drop-down list.
    The Enable Drive Security dialog appears with the following options that lets you enable the drive security.
    Figure 1. Enable Drive Security

    To enable drive security, the following details must be specified:

    • Security Key Identifier – The controller, by default, assigns a security key identifier.

      However, you can change this security key identifier as per your requirement. If you have more than one security key identifier, the controller helps you to determine which security key identifier to enter.

    • Security Key – Provides you with an option to create secure virtual drives by specifying the security key.

      The security key provided by you locks each SED drive attached to the controller.

    • Suggest Security Key – Alternatively, you can click this option to have the system create a security key for you.
    • Password – You can also specify a password to provide additional drive security.
    • Pause for password at boot time and Enforce strong password security – If you select the Pause for password at boot time, you are prompted to provide the password each time you restart your server.

      If you select Enforce strong password security, the system enforces you to specify a strong password.

    • Show Key and Show Password – You can either select or clear the Show Key and Show Password check boxes. By default, they are not selected.

    To enable drive security, perform the following steps:

  3. Either use the default security key identifier provided by the controller or specify a new security key identifier.
    Note: If you create more than one security key, ensure that you change the security key identifier. Otherwise, you cannot differentiate between the security keys.
  4. Either click Suggest Security Key to have the system create a security key for you, or enter a new security key in the Security Key field and confirm.
  5. (Optional) – Select the Show Key check box.

    If you choose this option, the security key that you specify, or the security key that is created by the system if you have clicked Suggest Security Key, will be visible to you. If you do not select this option, the security key will not be visible to you.

    Note: Ensure that you note down this security key somewhere for future reference. If you are unable to provide the security key when it is required by the system, you will lose access to your data.

    The security key is case-sensitive. It must be between 8 and 32 characters and contain at least one number, one lowercase letter, one uppercase letter, and one nonalphanumeric character (for example, < > @ +). The space character is not permitted.

    Non-U.S. keyboard users must be careful not to enter double-byte character set (DBCS) characters in the security key field. The firmware works with the ASCII character set only.

  6. (Optional) – Select the Pause for password at boot time check box.

    If you choose this option, you are prompted to provide the password each time you restart your server.

  7. (Optional) – Select the Enforce strong password security check box.

    If you choose this option, make sure the password is between 8 and 32 characters and contain at least one number, one lowercase letter, one uppercase letter, and one non-alphanumeric character (for example, < > @ +). The space character is not permitted. The password is case-sensitive.

  8. (Optional) – Enter a password in the Password field and confirm the same password once again in the Confirm field.
  9. (Optional) – Select the Show Password check box.
    If you choose this option, the password that you specify will be visible to you. If you do not select this option, the password will not be visible to you.
    Warning messages appear if there is a mismatch between the characters entered in the Password field and the Confirm field, or if you have entered an invalid character.
    caution: Make sure to write down this password somewhere for future reference. If you are unable to provide the password when it is required by the system, you will lose access to your data.
  10. Select the Confirm check box, then click Enable Security to confirm that you want to enable drive security on this controller.
Parent topic: MegaRAID SafeStore Encryption Services