Памяти и накопители Seagate (ST16000NM002G) - инструкция пользователя по применению, эксплуатации и установке на русском языке. Мы надеемся, она поможет вам решить возникшие у вас вопросы при эксплуатации техники.
Если остались вопросы, задайте их в комментариях после инструкции.
"Загружаем инструкцию", означает, что нужно подождать пока файл загрузится и можно будет его читать онлайн. Некоторые инструкции очень большие и время их появления зависит от вашей скорости интернета.
Seagate Exos X16 SAS Product Manual, Rev. K
35
www.seagate.com
About self-encrypting drives
8.0
About self-encrypting drives
Self-encrypting drives (SEDs) offer encryption and security services for the protection of stored data, commonly known as “protection of data at
rest.” These drives are compliant with the Trusted Computing Group (TCG) Enterprise Storage Specifications as detailed in
.
The Tr usted Computing Group ( TCG ) is an organization sponsored and operated by companies in th e computer, storag e and digital
communications industry. Seagate’s SED models comply with the standards published by the TCG.
To use the security features in the drive, the host must be capable of constructing and issuing the following two SCSI commands:
• Security Protocol Out
• Security Protocol In
These commands are used to convey the TCG protocol to and from the drive in their command payloads.
8.1
Data encryption
Encrypting drives use one inline encryption engine for each port, employing AES-256 bit data encryption in AES-XTS mode to encrypt all data
prior to being written on the media and to decrypt all data as it is read from the media. The encryption engines are always in operation and
cannot be disabled.
The 32-byte Data Encryption Key (DEK) is a random number which is generated by the drive, never leaves the drive, and is inaccessible to the host
system. The DEK is itself encrypted when it is stored on the media and when it is in volatile temporary storage (DRAM) external to the encryption
engine. A unique data encryption key is used for each of the drive's possible 32 data bands (see
).
8.2
Controlled access
The drive has two security providers (SPs) called the “Admin SP” and the “Locking SP.” These act as gatekeepers to the drive security services.
Security-related commands will not be accepted unless they also supply the correct credentials to prove the requester is authorized to perform
the command.
8.2.1
Admin SP
The Admin SP allows the drive's owner to enable or disable firmware download operations (see
). Access to the Admin SP is available
using the SID (Secure ID) password or the MSID (Manufacturers Secure ID) password.
8.2.2
Locking SP
The Locking SP controls read/write access to the media and the cryptographic erase feature. Access to the Locking SP is available using the
BandMasterX or EraseMaster passwords. Since the drive owner can define up to 32 data bands on the drive, each data band has its own password
called BandMasterX where X is the number of the data band (0 through 31).
8.2.3
Default password
When the drive is shipped from the factory, all passwords are set to the value of MSID. This 32-byte random value can only be read by the host
electronically over the interface. After receipt of the drive, it is the responsibility of the owner to use the default MSID password as the authority to
change all other passwords to unique owner-specified values.
8.3
Random number generator (RNG)
The drive has a 32-byte hardware RNG that it is uses to generate encryption keys or, if requested to do so, to provide random numbers to the host
for system use, including using these numbers as Authentication Keys (passwords) for the drive’s Admin and Locking SPs.
8.4
Drive locking
In addition to changing the passwords, as described in
, the owner should also set the data access controls for the individual bands.
Th e va r iabl e “Lo ckO nR es et ” s hou ld b e set to “Power Cycle ” to en su re t hat t he dat a b and s w ill be lo cked if p ower i s l ost . I n ad di tio n
“ReadLockEnabled” and “WriteLockEnabled” must be set to true in the locking table in order for the bands “LockOnReset” setting of “PowerCycle”
to actually lock access to the band when a “PowerCycle” event occurs. This scenario occurs if the drive is removed from its cabinet. The drive will
not honor any data read or write requests until the bands have been unlocked. This prevents the user data from being accessed without the
appropriate credentials when the drive has been removed from its cabinet and installed in another system.
When the drive is shipped from the factory, the firmware download port is unlocked.
Характеристики
Остались вопросы?Не нашли свой ответ в руководстве или возникли другие проблемы? Задайте свой вопрос в форме ниже с подробным описанием вашей ситуации, чтобы другие люди и специалисты смогли дать на него ответ. Если вы знаете как решить проблему другого человека, пожалуйста, подскажите ему :)
