Nexsan_E-Series Encryption at Rest SED_US_Eng
Deborah Lindquist
WHITEPAPER E-SERIES ENCRYPTION
Imation Corp. | 1 Imation Way, Oakdale, MN 55128-3414 | p. 651.704.4000 f. 651.537.4675 | www.imation.com/nexsan
© Imation Corp. Nexsan, the Nexsan logo, E-Series, FASTier, E-Centre and NestOS are trademarks of Imation Corp. All other trademarks are property of their respective owners. (Rev. 09/11/15)

INTRODUCTION

This paper describes the use cases and implementation of self-encrypting drive (SED) support in the E-Series V software, implemented in version R011.1204 and later. SEDs can provide protection for data when drives leave the control of the user, whether intentionally or through theft. As a consequence of encryption, data can also be securely erased when a drive or set of drives is repurposed.

OVERVIEW

E-Series software supports SEDs to provide data-at-rest protection of user data on supported SAS HDDs or SSDs once a drive has left the control of the user. This is enabled on a per-RAID-set basis, and the complete system can include both SED and non-SED arrays. All drives in an encrypted array must be SEDs. It is possible to enable or disable array encryption at any time, without affecting the user data on the system.

SED OVERVIEW

SEDs are available from all major HDD and SSD vendors. A SED always encrypts all data as it is written to the media, regardless of any system or user involvement. At manufacturing time (or on demand) the drive creates a Data Encryption Key (DEK) that it stores internally, and it uses this key to encrypt and decrypt all data as it is written or read. By default, a SED operates identically to a non-SED drive and can be used in non-SED mode. Since all encryption is handled in hardware, there is no performance impact to using the encryption feature.

To use the drive in a secure mode, it is necessary to lock the drive. To do this, an Authentication Key (AK) is created by the drive management software (the controller software in the case of E-Series V). This AK is used to encrypt the DEK, which is also typically changed at the time of locking. For more details on this process, see DRIVE UNLOCKING below.

USE CASES

There are a number of common use cases for SEDs, all associated with protecting data in various situations. The most typical use cases are described below.

PROTECTION OF DATA ON DRIVES RETURNED FOR RMA

When drives fail in an array during the warranty period, they are typically returned to the manufacturer for replacement. Often, data is still present and recoverable on the drives. Even drives that have been used in a RAID level that uses striping can have a significant amount of recoverable user data, since the large stripe sizes used are sufficient to contain large fragments of files or databases. If these drives are part of an encrypted array, then any data on them is not accessible without the key, which is not stored on the drive. Access to the drive's user data is therefore prevented.

PROTECTION OF DATA ON STOLEN DRIVES

If one or more drives from an encrypted array are stolen, then any data on them is not accessible without the key, which is not stored on any of the drives. This prevents access to the user data.

Note that array encryption does not protect against unauthorized access by someone with physical or administrative access to the complete system, including the controllers, since the storage system controller automatically unlocks the drives once the system is powered on. Appropriate security practices must still be employed to secure data path access to the storage system.

DRIVE RETIREMENT OR REPURPOSING

If an encrypted array of drives is deleted, part of the deletion process ensures the drive's encryption key (DEK) is changed. This immediately ensures that the contents of the drive cannot be read, and the drive can be safely repurposed or removed from the system with no risk of exposing previous user data. An individual unused drive can also have its encryption key (DEK) changed to perform a secure erase.

Without SEDs, drive retirement can take a significant amount of time to overwrite the data, and there is no guarantee that all data is erased. Secure warehousing of the drive is expensive and means the drive cannot be reused, and physical destruction before the end of its useful life is wasteful.

SECURE SHIPMENT

Company mergers and consolidation can often lead to a requirement to move storage systems between datacenters. This poses a challenge where confidential data is stored on the drives. Using SEDs, it is possible to securely ship the drives without using secure shipping solutions and incurring the associated additional shipment costs. To ensure security of the data if drives are stolen in transit, controllers that contain the keys must be shipped separately.

DRIVE UNLOCKING

The diagram below illustrates the process of unlocking and accessing data on a locked SED. The E-Series software automatically unlocks an array when it is powered on, so no additional user interaction is required to use the array encryption functionality.

The drive stores the encrypted copy of the DEK internally, and uses the AK to validate whether to unlock the drive. Once unlocked, the drive remains unlocked until it is powered off. Every time the system needs to unlock the drive, it must provide the AK. The AK can be changed at any time, and since it is only used to encrypt the DEK, the underlying data remains unaffected. For ease of management, the same AK may be used for a number of drives. The drive does not store the AK internally; it stores a hash of the AK to use for validation, and once the AK is validated, it uses the provided AK to decrypt the DEK.

[Diagram: (1) Send Authentication Key to drive; (2) Authenticated? No: Drive Remains Locked. Yes: (3) Decrypt Encryption Key; (4) Encrypted Data / Clear Data.]

1. The controller sends the Authentication Key (AK) to the drive.
2. The drive hashes the authentication key and compares it with its stored hash to validate.
3. If the authentication is validated, the drive uses the provided authentication key to decrypt the DEK, stored on the drive media.
4. From this point, the drive automatically encrypts and decrypts all data passing through it.
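
The unlock steps above, together with the AK change and the DEK change used for secure erase under DRIVE RETIREMENT OR REPURPOSING, modelled as an added example that is not Nexsan's or any drive vendor's code. The ModelSED class and its method names are hypothetical, and SHA-256 in counter mode stands in for the drive's hardware cipher.

```python
import hashlib
import hmac
import os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher for the model: SHA-256 in counter mode. Not the drive's real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _derive(ak: bytes, salt: bytes, label: bytes) -> bytes:
    # Separate values for "verify" and "wrap" so the stored hash cannot unwrap the DEK.
    return hmac.new(ak, salt + label, hashlib.sha256).digest()

class ModelSED:
    """Toy model of a locked SED (hypothetical names, assumed layout)."""

    def __init__(self, ak: bytes):
        self._media = {}              # lba -> (nonce, ciphertext): what is on the media
        self._dek = os.urandom(32)    # plaintext DEK exists only in volatile memory
        self._store_ak(ak)

    def _store_ak(self, ak: bytes) -> None:
        # Persistent state: a hash of the AK and the DEK encrypted under the AK, never the AK.
        self._salt = os.urandom(16)
        self._ak_hash = _derive(ak, self._salt, b"verify")
        self._wrapped_dek = _xor_stream(_derive(ak, self._salt, b"wrap"), self._salt, self._dek)

    def power_cycle(self) -> None:
        self._dek = None              # the drive relocks whenever it loses power

    def unlock(self, ak: bytes) -> bool:
        # Step 2: hash the presented AK and compare it with the stored hash.
        if not hmac.compare_digest(_derive(ak, self._salt, b"verify"), self._ak_hash):
            return False              # drive remains locked
        # Step 3: use the presented AK to decrypt the DEK.
        self._dek = _xor_stream(_derive(ak, self._salt, b"wrap"), self._salt, self._wrapped_dek)
        return True

    def _require_unlocked(self) -> None:
        if self._dek is None:
            raise PermissionError("drive is locked")

    def write(self, lba: int, data: bytes) -> None:
        self._require_unlocked()
        nonce = os.urandom(16)
        self._media[lba] = (nonce, _xor_stream(self._dek, nonce, data))

    def read(self, lba: int) -> bytes:
        # Step 4: once unlocked, data is decrypted transparently with the DEK.
        self._require_unlocked()
        nonce, ciphertext = self._media[lba]
        return _xor_stream(self._dek, nonce, ciphertext)

    def change_ak(self, old_ak: bytes, new_ak: bytes) -> bool:
        if not self.unlock(old_ak):
            return False
        self._store_ak(new_ak)        # only the wrapped DEK changes; the media is untouched
        return True

    def crypto_erase(self, ak: bytes) -> bool:
        if not self.unlock(ak):
            return False
        self._dek = os.urandom(32)    # existing ciphertext can no longer be decrypted
        self._store_ak(ak)
        return True
```

In this model a drive pulled from the array holds only ciphertext, an AK hash and a wrapped DEK, which is why the paper's RMA and theft cases depend on the AK staying with the controllers and the key backup.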

KEY GENERATION AND STORAGE

The per-array authentication key (AK) is generated internally on the controller, and is stored in a private area on each controller. For redundancy, this is mirrored in the partner controller, so the system can automatically unlock the array in the event of controller failure. A replacement controller will automatically have the necessary keys installed.

When an encrypted array is created or an array's AK is changed, it is strongly recommended to download and make a backup of the key. This key should be securely stored in compliance with the user's normal security practices, and a fresh backup made whenever it is changed. The AK can be changed at any time, if this is necessary for compliance with security practices. Whenever a key is created or changed, the user is prompted to download the key file for storage. Access to this file should be restricted to ensure the keys are kept private.

REFERENCES

Trusted Computing Group (TCG) SED specifications: http://www.trustedcomputinggroup.org/solutions/data_protection

ABOUT IMATION

Imation is a global data storage and information security company. Imation's Nexsan portfolio features solid-state optimized unified hybrid storage systems, secure automated archive solutions and high-density enterprise storage arrays. Nexsan solutions are ideal for mission-critical IT applications such as virtualization, cloud, databases, and collaboration; and energy efficient, high-density storage for backup and archiving. There are more than 11,000 customers of Nexsan solutions worldwide with more than 33,000 systems deployed since 1999. Nexsan systems are delivered through a worldwide network of cloud service providers, value-added resellers and solutions integrators. For more information, visit www.imation.com/nexsan.