TS7780 Disk encription

You can encrypt the disk drive modules (DDMs) within a TS7700 disk storage system.

Prerequisites

Disk encryption is available on a new order from manufacturing that ordered either FC 5272, Disk Enable Encryption or FC 5276, Disk Encrypt-External Key Manager . An order of FC 5272 or FC 5276 come with FC 7405, Encryption CFD (USB Flash Drives (Four Pack) which provides four USB sticks. The following condition must also be met:
  • An entire file system must be encrypted; a mixture of encrypted and non-encrypted arrays is not supported. All arrays in all strings must be encrypted. All strings in the cluster must be encrypted.

All TS7780 configurations with 3948-CFD/XSD cache that have any encryption type that is enabled is ALWAYS shipped with local key management enabled (FC 5272). This encrypts the data in the CFD processor and places that encrypted data onto regular disk drives.

The local encryption (FC 5272 Disk Enabled Encryption) is configured during the TS7780 initial installation by the service person.
  • FC 5272 Disk Enabled Encryption is not available for field Install on the TS7780 and needs to be shipped from manufacturing for any Encryption.
  • FC 7405 must be ordered on every 3948-CFD in the TS7780 configuration.
  • FC 7405 provides four USBs sticks per 3948-CFD used to store the local encryption keys.
    Note: If external key management is later enabled, these USB sticks are no longer needed.
The External Key Encryption (FC 5276) must have FC 5272 installed on the TS7780 server before initial installation.
  • All TS7700 configurations with any encryption type enabled is ALWAYS shipped with local key management enabled first
  • Once a TS7780 with FC 5272 is configured in a customer environment and able to communicate with an external key server, then FC 5276 can be activated to transition to external key management..