Skip to main content
E-Series Systems

Unlock drives

Contributors netapp-driley netapp-jsnyder NetAppZacharyWambold netapp-echurch netapp-jolieg
PDFs

The Drive Security feature for these controllers will lock down the drives partially, externally, or internally. If the Drive Security feature is enabled, you must manually unlock these drives.

Follow the appropriate procedure for:

Internal key management

Follow these steps for internal key management when all drives are locked.

About this task

The newly swapped controllers will lock down with a seven-segment display code of L5. This lock-down occurs when no drives can perform autocode synchronization (ACS). After the security key is imported, ACS resumes and updates the new controllers.

Note If you are not using management port 1, try with other default IP addresses:
Ctrl A port 1: 169.254.128.101
Ctrl A port 2: 169.254.128.102
Ctrl B port 1: 169.254.128.101
Ctrl B port 2: 169.254.128.102
Steps

  1. Make a direct, private ethernet connection between the storage array and the SANtricity client's laptop or PC. To do this:

    1. Use an RJ45 ethernet cable to connect the laptop to management port 1 on controller A.

    2. To complete the connection, you might need to assign the laptop to an IP address in the same subnet as controller A. During controller lockdown, controller A defaults to a management address of 169.254.128.101. So you can assign the laptop to a subnet such as "169.254.128.201".

  2. Using the IP address 169.254.128.101 with username admin and the password blank, import the internal key using the import storageArray securityKey file CLI command, with the security key saved from Prepare to upgrade controllers. For information about using this command, see the Command Line Interface reference.

    Example: SMcli 169.254.128.101 -k -u admin -p "" -c "import storageArray securityKey file=\"Directory&FileName\" passPhrase=\"passPhraseString\";"

    Alternatively, you can import the internal key via the Rest API through the following call: /storage-systems/{system-id}/security-key/import

Controllers will continue with the autocode synchronization process from the drives and reboot. After reboot the controllers will be accessible through the original IP configuration.

External key management

Follow these steps for external key management when all drives are locked.

About this task

The newly swapped controllers will lock down with a seven-segment display code of L5. This lock-down occurs when no drives can perform autocode synchronization (ACS). After the security key is imported, ACS resumes and updates the new controllers.

Steps

  1. Make a direct, private ethernet connection between the storage array and the SANtricity client's laptop or PC. To do this:

    1. Use an RJ45 ethernet cable to connect the laptop to management port 1 on controller A.

    2. To complete the connection, you might need to assign the laptop to an IP address in the same subnet as controller A. During controller lockdown, controller A defaults to a management address of 169.254.128.101. So you can assign the laptop to a subnet such as "169.254.128.201".

  2. Using the security key saved from Prepare to upgrade controllers, import the external key to IP address 169.254.128.101 with the username admin and the password remaining blank.

    Example: SMcli 169.254.128.101 -k -u admin -p "" -c "import storageArray securityKey file=\"Directory&FileName\" passPhrase=\"passPhraseString\";"

    Alternatively, you can import the external key via the Rest API through the following call: /storage-systems/{system-id}/security-key/import

    Controllers will continue with the autocode synchronization process from the drives and reboot. After reboot the controllers will be accessible through the original IP configuration.

  3. (Optional) If needed, the drives can be rekeyed by performing the following:

    Example: SMcli <original_controller _ip> -u admin -p "<original_array_password>" -c "create storageArray securityKey" passPhrase=\"passPhraseString\" file=\"filename\";”