Table 5.3 Data Encryption Function Specifications - Fujitsu ETERNUS DX80 S2 Overview

Chapter 5 Basic Functions
5.2 Security
Table 5.3 Data encryption function specifications
Functional specification
Type of key
Encryption unit
Encryption method
Key management server linkage
*1: AES (Advanced Encryption Standard: Federal Information Processing Standards) method
The Fujitsu original encryption method uses a Fujitsu original algorithm that has been specifically created for
ETERNUS DX Disk storage systems.
The following section describes the features of each encryption function.
■ Self Encrypting Drive
Each SED has the encryption function and data can be encrypted by controlling the encryption function of an
SED from the controller.
An SED uses an encryption key when encrypting and writing data. This encryption key cannot be read from an
SED.
The controller performs authentication by using the authentication key that is stored in the controller or by
using the authentication key that is retrieved from the key server to access the drives. For the authentication
key that can be registered in the ETERNUS DX Disk storage system, this key can be automatically created by
using the settings in ETERNUS Web GUI or ETERNUS CLI.
By linking with the key server, the authentication key of an SED can be managed from the key server.
Creating and storing an authentication key in a key server makes it possible to manage the authentication
key more securely.
By consolidating authentication keys for multiple ETERNUS DX Disk storage systems in the key server, the
management cost of authentication keys can be reduced. Key management server linkage can be used with
an SED authentication key operation. Only one type of authentication key can be registered in each device.
■
Volume conversion encryption
This function converts a volume to an encrypted volume in the ETERNUS DX Disk storage system. Encryption is
performed when data is written from the cache memory to the drive.
When encrypted data is read, the data is decrypted in the cache memory.
For Standard/Open volumes, SDVs, and SDPVs, encryption is performed for each volume. For Thin Provisioning
Volumes and Flexible Tier Volumes (FTVs), encryption is performed for each pool.
The Fujitsu original method has practically the same security level as AES128. The time that is required for
conversion is shorter than AES. The Fujitsu original encryption method is recommended for use unless a
standard encryption method is required.
Self Encrypting Drive (SED)
Authentication key
Drive
AES256
Yes
57
ETERNUS DX80 S2/DX90 S2 Disk storage system Overview
Copyright 2013 FUJITSU LIMITED
Volume conversion encryption
Encryption key
Volume, Pool (RAID group)
AES128 (*1)/Fujitsu original
No
P3AM-4812-11ENZ0