Drive Security overview

Contributors netapp-jolieg

You can configure Drive Security and key management from the Security Key Management page.

What is Drive Security?

Drive Security is a feature that prevents unauthorized access to data on secure-enabled drives when they are removed from the storage array. These drives can be either Full Disk Encryption (FDE) drives or Federal Information Processing Standard (FIPS) drives. When FDE or FIPS drives are physically removed from the array, they cannot operate until they are installed in another array, at which point the drives are in a Security Locked state until the correct security key is provided. A security key is a string of characters that is shared between these types of drives and the controllers in a storage array.

How do I configure key management?

To implement Drive Security, you must have either FDE drives or FIPS drives installed in the array. To configure key management for these drives, you go to Settings > System > Security key management, where you can create either an internal key from the controller’s persistent memory or an external key from a key management server. Finally, you enable Drive Security for pools and volume groups by selecting "secure-capable" in the volume settings.

How do I unlock drives?

If you configured key management and then later move secure-enabled drives from one storage array to another, you must re-assign the security key to the new storage array to gain access to the encrypted data on the drives.
