SED authentication keys

Netezza Performance Server for Cloud Pak for Data System

Note: This feature is not supported if you have Netezza Performance Server 11.2.2.X and later installed on Cloud Pak for Data System 2.X.

The authentication keys you use to lock the SEDs have the following requirements and behaviors.

You can create and apply an authentication key to auto-lock the SPU drives and the drives in the storage arrays. An authentication key must be 32 bytes, the format is base64. The keys are managed using the IBM® GSKit software. No other key management software or server is required.

CAUTION:
Always protect and back up the authentication keys that you create and apply to the disks. If you lose the keys, the disks cannot be unlocked when they are powered on. You will be unable to read data from the disks, and you could prevent the Netezza Performance Server system from starting.

You could create a conforming key for SPU AEKs, but as a best practice, you should use the nzkey generate command to automatically create a random, conformant AEK for the SPU drives and store it in your local key store if you have configured that support for your appliance.

The SEDs in the storage arrays use the SPU AEK to auto-lock the drives. The storage array SPU keys must meet the following requirements:
  • The key value must be 32 bytes in length.
  • The key can use base64 format string.