Data Encryption

Encrypting data as it is written to the drive prevents information leakage through unauthorized decoding. Even if a drive is removed and stolen by a malicious third party, the data cannot be decoded.

This function only encrypts the data stored on the drives, so data accessed from a server is transmitted in plain text. Therefore, this function does not prevent data leakage through server access. It only prevents data leakage from drives that are physically removed.

The following two types of data encryption are supported:

  • Self Encrypting Drive (SED)

    This drive type has an encryption function. Data is encrypted when it is written. Encryption using SEDs is recommended because SEDs do not affect system performance.

    SEDs are locked the instant that they are removed from the storage system, which ensures that no data can be read from or written to these drives. This encryption prevents information leakage from drives that are stolen or replaced for maintenance. Because the drive does not need to be physically destroyed during disposal, drive disposal costs can be reduced.

  • Firmware Data Encryption

    Data is encrypted on a volume basis by the controllers (CMs) of the ETERNUS DX. Data is encrypted and decrypted in the cache memory when it is written or read.

    AES (*1) or Fujitsu Original Encryption can be selected as the encryption method. The Fujitsu Original Encryption method uses a Fujitsu original algorithm that has been specifically created for ETERNUS DX storage systems.

    *1: Advanced Encryption Standard (AES)

    Standard encryption method selected by the National Institute of Standards and Technology (NIST). The key length of AES is 128 bits, 192 bits, or 256 bits. The encryption strength becomes higher with a longer key length.

The following table shows the functional comparison of SED and firmware data encryption.

| Function specification | Self Encrypting Drive (SED) | Firmware data encryption |
|---|---|---|
| Type of key | Authentication key | Encryption key |
| Encryption unit | Drive | Volume, Pool |
| Encryption method | AES-256 | Fujitsu Original Encryption/AES-128/AES-256 |
| Influence on performance | None (equivalent to unencrypted drives) | Yes |