Disk Enclosures
1748061 Members
5333 Online
108758 Solutions
New Discussion

Self Encrypting SAS HDD with Smart Array P411

 
robertcompton
Occasional Visitor

Self Encrypting SAS HDD with Smart Array P411

Good morning,

  I'm trying to find out if it is possible to use self encrypting SAS HDD's housed in a StorageWorks D2600 and connected to my DL380 G7 via a Smart Array P411 controller.

 

  I cannot see any mention of self encryption being supported by the P411 in any of the literature I've seen.

 

  My aim is to swap out the current SAS HDD's and replace them all with self encrypting ones instead.  The main reason is that I want to remove the encryption load from the servers CPU and hand it over to the hardware on the HDD instead.

 

  Does anyone know if this scenario is at all possible?

 

  Regards

 

RobC

3 REPLIES 3
Dennis Handly
Acclaimed Contributor

Re: Self Encrypting SAS HDD with Smart Array P411

>replace them all with self encrypting ones instead.

 

Unless you have software that "takes ownership" of the SEDs, there is no protection of data.

The SEDs will be quite happy to encrypt on writes and decrypt on reads.

robertcompton
Occasional Visitor

Re: Self Encrypting SAS HDD with Smart Array P411

Hi Dennis,

  Thanks for the response.  I know SED's encrypt/decrypt all the time.  The point of SED's is for them to be encrypted and data is unatainable - or at least much harder to obtain - should the drives be stolen or an incorrect key is entered at system boot time.

 

  SED's seem like a great idea by removing the encryption load from the CPU to the HDD but it seems like the technology is too new to be able to get infromation from vendors.

 

  I'd still appreciate it anyone can tell me if my proposed set up will work.

 

  Regards

 

RobC

Dennis Handly
Acclaimed Contributor

Re: Self Encrypting SAS HDD with Smart Array P411

>The point of SEDs is for them to be encrypted and data is unattainable - should the drives be stolen or an incorrect key is entered at system boot time.

 

Yes.  You must have software to take ownership of the drive.  This includes changing the authentication key and to set lock on powerfail.  And as you said, software to read the key and unlock the band.