TS7770 Disk encryption

Edit online

You can encrypt the disk drive modules (DDMs) within a TS7700 disk storage system.

Prerequisites

Disk encryption is available on a new order from manufacturing that ordered either FC 5272, Disk Enabled Encryption or FC 5276, Disk encrypt - External key manager. An order of FC 5272 or FC 5276 come with FC 7405, Encryption CSB (USB Flash Drives (Four Pack)) which provides four USB sticks. The following condition must also be met:
  • An entire file system must be encrypted; a mixture of encrypted and non-encrypted arrays is not supported. All arrays in all strings must be encrypted. All strings in the cluster must be encrypted.

All TS7770 configurations with 3956-CSB/XSB cache that have any encryption type that is enabled is ALWAYS shipped with local key management enabled (FC 5272). This encrypts the data in the CSB processor and places that encrypted data onto regular disk drives.

The local encryption (FC 5272 Disk Enabled Encryption) is configured during the TS7770 initial installation by the service person.
  • FC 5272 Disk Enabled Encryption is not available for field Install on the TS7770 and needs to be shipped from manufacturing for any Encryption.
  • FC 7405 must be ordered on every 3956-CSB in the TS7770 configuration.
  • FC 7405 provides four USBs sticks per 3956-CSB used to store the local encryption keys.
    Note: If external key management is later enabled, these USB sticks are no longer needed.
The External Key Encryption (FC 5276) must have FC 5272 installed on the TS7770 server before initial installation.
  • All TS7700 configurations with any encryption type enabled is ALWAYS shipped with local key management enabled first
  • Once a TS7770 with FC 5272 is configured in a customer environment and able to communicate with an external key server, then FC 5276 can be activated to transition to external key management..