Dell PS Series Architecture: Self Encrypting Drive Management with PS Series Storage Arrays
Dell Storage Engineering
February 2017
A Dell EMC Technical White Paper
Revisions

Date           Description
May 2013       Initial release
February 2017  Updated to reflect industry changes

The information in this publication is provided "as is." Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any software described in this publication requires an applicable software license.
Table of Contents

1 Introduction  4
2 SED technology overview  6
2.1 Protecting data from unauthorized access
Executive summary

Data and intellectual property are the lifeblood of a company in the modern, information-driven economy. Although considerable money and effort have been spent on protecting corporate networks from outside intrusion, many security analysts agree that significant vulnerabilities remain around data theft through the physical theft, misplacement, inappropriate redeployment or disposal of hard drives from corporate computers and storage arrays.
1 Introduction

Whether it is sensitive customer information, intellectual property or proprietary data that helps a company reach its strategic objectives, company data is often its most valuable asset. If this data is misplaced or stolen, organizations run the risk of lost revenue, legal repercussions and a tarnished reputation.
The emergence of full disk encryption technology and SEDs is timely in mitigating the security vulnerabilities of data at rest. SEDs are also becoming a standardized technology across many top drive vendors, which allows for interoperability and ensures greater market competition and competitive pricing.
2 SED technology overview

An SED is a self-encrypting hard drive with encryption and decryption functions built into the disk drive controller chip. The controller encrypts all data written to the media and automatically decrypts all data read from the media. All SED solutions have three main parts: the storage subsystem (the PS Series array), the drive electronics and the drive storage media.
Accessing data on an SED

1. Data is requested from the self-encrypting drive by the storage subsystem. The storage subsystem sends its access key (AK) to the drive electronics.
2. The drive electronics hash the authentication key from the storage subsystem and pull the stored hashed access key from the drive storage. The hashed keys are compared.
3.
2.2 Instant Secure Erase

Another security method available with SEDs is Instant Secure Erase (ISE). Alternative methods of permanently erasing the data on a drive, such as degaussing each drive or simply overwriting the data with zeros, are available. However, these methods are often expensive, slow or do not provide complete data erasure. Typically, whenever an SED-populated array is reset to factory default condition, each drive in the array is instructed to destroy the stored encrypted MEK, and then lock itself.
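The access flow in section 2 and the Instant Secure Erase behaviour above can be followed in a small software model. The following is an added example written for this page, not Dell or PS Series firmware: the drive object generates its own media encryption key (MEK) that never leaves it, stores only a hash of the access key (AK) presented by the storage subsystem, and on ISE discards the MEK and locks. The SHA-256 hash, the SHA-256 counter keystream standing in for the drive's AES engine, and the class and method names are all assumptions made for the model.

```python
# Added example: a minimal software model of the SED access-key check and
# Instant Secure Erase. Illustrative only; not Dell/PS Series code. The hash
# and keystream choices are assumptions (a real drive uses its own AES engine).
import hashlib
import hmac
import os


class ModelSED:
    """Model of one self-encrypting drive.

    The media encryption key (MEK) is generated inside the drive and never
    leaves it; the storage subsystem only ever presents the access key (AK).
    """

    def __init__(self, access_key: bytes) -> None:
        self._mek = os.urandom(32)                           # drive-generated MEK
        self._ak_hash = hashlib.sha256(access_key).digest()  # only the AK hash is stored
        self._unlocked = False
        self._media = {}                                     # LBA -> ciphertext

    def unlock(self, access_key: bytes) -> bool:
        """Access flow step 2: hash the presented AK and compare with the stored hash."""
        candidate = hashlib.sha256(access_key).digest()
        # constant-time comparison so the check does not leak through timing
        self._unlocked = hmac.compare_digest(candidate, self._ak_hash)
        return self._unlocked

    def _keystream(self, lba: int, length: int) -> bytes:
        """Stand-in for the drive's AES engine: SHA-256 counter keystream keyed by the MEK."""
        out = bytearray()
        counter = 0
        while len(out) < length:
            block = self._mek + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        return bytes(out[:length])

    def write(self, lba: int, data: bytes) -> None:
        if not self._unlocked:
            raise PermissionError("drive is locked")
        ks = self._keystream(lba, len(data))
        self._media[lba] = bytes(a ^ b for a, b in zip(data, ks))

    def read(self, lba: int) -> bytes:
        if not self._unlocked:
            raise PermissionError("drive is locked")
        ct = self._media[lba]
        ks = self._keystream(lba, len(ct))
        return bytes(a ^ b for a, b in zip(ct, ks))

    def raw_media(self, lba: int) -> bytes:
        """What someone reading the platters directly would see: ciphertext only."""
        return self._media[lba]

    def instant_secure_erase(self) -> None:
        """ISE: discard the MEK (modelled by regenerating it) and lock the drive.
        The ciphertext on the media is untouched but can no longer be decrypted."""
        self._mek = os.urandom(32)
        self._unlocked = False


def demo() -> dict:
    """Walk the flow once and return the observable results."""
    ak = os.urandom(32)                  # constructed access key held by the storage subsystem
    drive = ModelSED(ak)
    wrong_ak_rejected = not drive.unlock(b"not the access key")
    locked_read_blocked = False
    try:
        drive.read(0)
    except PermissionError:
        locked_read_blocked = True
    drive.unlock(ak)
    plaintext = b"customer record 0001"  # constructed sample data
    drive.write(7, plaintext)
    before_ise = drive.read(7)
    on_media = drive.raw_media(7)
    drive.instant_secure_erase()
    drive.unlock(ak)                     # the same AK still authenticates...
    after_ise = drive.read(7)            # ...but the old MEK is gone, so the data is unrecoverable
    return {
        "wrong_ak_rejected": wrong_ak_rejected,
        "locked_read_blocked": locked_read_blocked,
        "plaintext": plaintext,
        "before_ise": before_ise,
        "on_media": on_media,
        "after_ise": after_ise,
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes visible is that ISE never touches the ciphertext on the media: `raw_media` returns the same bytes before and after, yet after the MEK is discarded no access key, not even the correct one, yields the original data.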
3 Securing data with SED technology on PS Series arrays

As the leader in storage technologies, Dell EMC provides support and management capabilities that allow users to safely secure their data-at-rest in PS Series arrays. This support is offered through AutoSED, which combines local key management with SEDs. The Dell AutoSED feature provides all of the benefits of SED security with no special effort on the part of the administrator.
- Reuse of a drive from another array: the drive is initially marked as a foreign drive; ISE is invoked and the drive is converted to a spare after the administrator confirms that the drive should be used.
- A drive that fails, and then comes back to life: ISE is invoked, then the drive is set to history-of-failure.
- A drive that is removed while the array is running (without faulting the system) and then reinserted: ISE is invoked, then the drive becomes a spare.

The AutoSED secure erase function c
Insider attack. Any person who possesses the administrator password can access any volume on the array, or change ACLs to allow others to do the same. Similarly, a compromised host can access volumes that the host is authorized to access. SED devices cannot provide protection against improper access to an online data volume.

Data in flight. SEDs are intended solely to provide protection for data at rest, and thus provide no protection for data in flight on the network.
4 Summary

As demonstrated, AutoSED technology and PS Series arrays provide a robust data-at-rest security solution. This solution further ensures that the provided enterprise-level data security is easy to use and fully automatic, requiring no user interaction. In addition, AutoSED introduces no performance degradation into storage operations.
A PS Series SED storage procedures

A.1 Backing up the access key using the PS Series Group Manager GUI

The AutoSED machinery is very robust and remains functional even when severe failures have taken the array offline. The backup is only needed in exceptional circumstances, such as the loss of more than half the drives from an array. The SED Access Key is never explicitly revealed as part of the backup process. Rather, it is cryptographically rewritten into a set of three unique backup units.
3. Copy the long string (130 hexadecimal characters) from the file and paste it onto the command line after the keyd command. The first 56 characters, the header, are the same for all three pieces. You might have to keep scrolling to the right to see all the characters in the string. This is normal and works as designed.
4. Repeat the process with keyshares 2 and 3.
5. Press [Enter].
B Frequently Asked Questions

Why are my key backups always different?
Although the encryption key never changes, the backup will look different each time it is generated. The three backup units are cryptographic images of the key, never generated the same way twice.

Why is there no secure-erase command?
None is needed.
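Appendix A.1 and the first FAQ above describe backup units that share a common header, differ on every run, and only recombine to the key when all three are presented. As an added illustration of how a key can have those properties, the example below splits a key into three units with a 3-of-3 XOR split: two units are fresh random values and the third is the key XORed with both, so any single unit (or any pair) carries no information about the key, while all three together recover it. This is example code written for this page, not the PS Series backup-unit format (the paper does not document that format); the 28-byte header layout (set id, key check value, reserved bytes) is constructed, and its length was chosen only so that it matches the 56-character header the procedure mentions.

```python
# Added example: a 3-of-3 XOR split of a key into three hex backup units with a
# shared header. Illustration only; not the PS Series backup-unit format.
import hashlib
import os

HEADER_LEN = 28  # bytes: 16-byte set id + 8-byte key check + 4 reserved (constructed layout)


def _key_check(key: bytes) -> bytes:
    """Truncated SHA-256 of the key, used to detect a corrupted or mis-pasted unit.
    Acceptable only because the key is a full-entropy random value."""
    return hashlib.sha256(b"backup-check:" + key).digest()[:8]


def split_key(key: bytes) -> list:
    """Return three hex-encoded units; all three are needed to recover the key."""
    header = os.urandom(16) + _key_check(key) + b"\x00" * 4
    r1 = os.urandom(len(key))
    r2 = os.urandom(len(key))
    r3 = bytes(k ^ a ^ b for k, a, b in zip(key, r1, r2))
    return [(header + share).hex() for share in (r1, r2, r3)]


def combine_units(units: list) -> bytes:
    """Recombine three units, refusing mismatched, truncated or corrupted input."""
    raw = [bytes.fromhex(u) for u in units]
    if len(raw) != 3:
        raise ValueError("all three backup units are required")
    if len({r[:HEADER_LEN] for r in raw}) != 1:
        raise ValueError("backup units come from different backup sets")
    shares = [r[HEADER_LEN:] for r in raw]
    if len({len(s) for s in shares}) != 1 or not shares[0]:
        raise ValueError("truncated backup unit")
    key = bytes(a ^ b ^ c for a, b, c in zip(*shares))
    if raw[0][16:24] != _key_check(key):
        raise ValueError("recombined key fails its check; a unit was corrupted or mis-pasted")
    return key


def demo_backup() -> dict:
    """Split a constructed key twice, recombine, and show that a damaged unit is caught."""
    key = os.urandom(32)                       # constructed 256-bit key
    run1 = split_key(key)
    run2 = split_key(key)                      # same key, different units
    recovered = combine_units(run1)
    # XOR of two units' share bodies is just key ^ r3: a uniformly random value
    s1 = bytes.fromhex(run1[0])[HEADER_LEN:]
    s2 = bytes.fromhex(run1[1])[HEADER_LEN:]
    two_units_xor = bytes(a ^ b for a, b in zip(s1, s2))
    # flip the last byte of unit 3 to simulate a copy-and-paste error
    last = run1[2][-2:]
    damaged = run1[:2] + [run1[2][:-2] + ("ff" if last == "00" else "00")]
    try:
        combine_units(damaged)
        corrupt_detected = False
    except ValueError:
        corrupt_detected = True
    return {
        "key": key,
        "run1": run1,
        "run2": run2,
        "recovered": recovered,
        "two_units_xor": two_units_xor,
        "corrupt_detected": corrupt_detected,
    }


if __name__ == "__main__":
    print(demo_backup())
```

Because the random values are drawn fresh each time, `split_key` never produces the same units twice even for an unchanged key, which is exactly the behaviour the FAQ describes; the check value in the header is what lets a recovery procedure reject a mis-pasted share instead of silently accepting a wrong key.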
No. Every drive in the member has been securely erased. The data has been cryptographically destroyed. Recovery is impossible.

What if the entire array is stolen?
Security is compromised. The array will unlock itself when it boots, as it did before it was stolen.

What if the grpadmin password is stolen?
Security is compromised. The adversary can simply connect to the array over the network and read the data.

Is it safe to discard or return a locked SED?
Yes.
C Key terms and glossary

C.1 Key terms

Key term | Location and management | How it is generated
Encryption key: required to encrypt and decrypt data | Resides on and is managed by the drive. It is never transferred from the drive. Every drive has its own unique encryption key. | Generated by the drive at the manufacturer, then regenerated at the customer site if used with the instant secure erase feature.
Access key: needed to unlock a drive | Automatically provided to the drives by AutoSED, or manually using the backup units. |
D Technical Support and resources

Dell.com/support is focused on meeting customer needs with proven services and support. Dell TechCenter is an online technical community where IT professionals have access to numerous resources for Dell EMC software, hardware and services. Storage Solutions Technical Documents on Dell TechCenter provide expertise that helps to ensure customer success on Dell EMC Storage platforms.

D.