2.
Basic Functions
Data Encryption
Firmware Data Encryption
The firmware in the ETERNUS DX has the firmware data encryption function. This function encrypts
a volume when it is created, or converts a created volume into an encrypted volume.
Because data encryption with firmware is performed with the controller in the ETERNUS DX, the
performance is degraded, comparing with unencrypted data access.
The encryption method can be selected from the world standard AES-128, the world standard
AES-256, and the Fujitsu Original Encryption method. The Fujitsu Original Encryption method that is
based on AES technology uses a Fujitsu original algorithm that has been specifically created for
ETERNUS DX storage systems. The Fujitsu Original Encryption method has practically the same se-
curity level as AES-128 and the conversion speed for the Fujitsu Original Encryption method is fast-
er than AES. Although AES-256 has a higher encryption strength than AES-128, the Read/Write ac-
cess performance degrades. If importance is placed upon the encryption strength, AES-256 is rec-
ommended. However, if importance is placed upon performance or if a standard encryption meth-
od is not particularly required, the Fujitsu Original Encryption method is recommended.
Figure 37 Firmware Data Encryption
Encrypted
Encryption
setting for each LUN.
Unencrypted
Encryption is performed when data is written from the cache memory to the drive. When encryp-
ted data is read, the data is decrypted in the cache memory. Cache memory data is not encrypted.
For Standard volumes, SDVs, SDPVs, and WSVs, encryption is performed for each volume. For TPVs
and FTVs, encryption is performed for each pool.
Fujitsu Storage ETERNUS DX100 S4/DX200 S4, ETERNUS DX100 S3/DX200 S3 Hybrid Storage Systems Design Guide (Basic)
Server A
Server B
66
Copyright 2023 Fujitsu Limited
Server C
Cannot be decoded
ETERNUS DX
P3AM-7642-32ENZ0