Users Guide
NOTE: The Encrypt Virtual Disk option is available only if unsecure virtual disks are configured in the SED.
Encrypting Virtual Disks Using RACADM
To encrypt virtual disks by running a RACADM command, use the following syntax:
racadm raid encryptvd:Disk.Virtual.0:RAID.ChassisIntegrated.1-1
For more information, see the Chassis Management Controller PowerEdge VRTX RACADM Command Line Reference Guide.
Unlocking Foreign Configuration
Drives that are part of secure virtual disks are called secured drives. Secured drives can be migrated from one controller to
another controller. If a different encryption or security key is configured for the destination controller, the security status of these
drives is displayed as ‘locked’ and the drives cannot be seen as part of ‘preview foreign config’. The ‘Import foreign config’ operation does not detect
these foreign drives.
While running the unlock command, provide the source controller passphrase and key ID for these drives. Even after unlocking, the
‘foreign controller key’ still secures these drives. However, you can see these drives while searching for foreign drives in the existing
‘preview foreign config’. You can import or clear the foreign configuration on these secure drives.
If foreign drives with different security keys are migrated from more than one controller, then unlock and import or clear the set of
drives from one foreign controller before unlocking the drives migrated from another controller. This action ensures that unlock is
not allowed on a controller, if the controller has drives that are unlocked but not imported or cleared.
Once drives are unlocked, you can import the foreign configuration using the CMC web interface or RACADM.
If the controller is power cycled after the unlock and before the import phase, the drives are locked again.
If the system has multiple foreign configurations, unlock and import each foreign configuration before unlocking the next foreign
configuration.
The key ID used in unlocking is used only to identify the drives with the matching key ID. After the matching drives are found, the
passphrase is used for unlocking the drives.
NOTE: You can unlock the locked drives only by using the RACADM or WSMan commands.
Unlocking Foreign Configuration Using RACADM
To unlock foreign configuration by running a RACADM command, use the following syntax:
racadm raid unlock:<Controller FQDD> -key <Key id> -passwd <passphrase>
For more information, see the Chassis Management Controller PowerEdge VRTX RACADM Command Line Reference Guide.
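The ordering rules above (handle one foreign key set at a time, and import or clear it before the next unlock) can be enforced with a small POSIX shell wrapper around the unlock syntax. This is an added example, not part of the Dell guide: the function names, the RACADM override variable, and the "done" confirmation prompt are assumptions, and the import or clear step itself is left to the operator.

```shell
#!/bin/sh
# Added example, not Dell code. Set RACADM to a stub for a dry run (assumption).
RACADM=${RACADM:-racadm}

# Read one line from stdin; suppress echo when stdin is a terminal.
read_secret() {
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r _secret || _secret=
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
}

# unlock_sets <controller FQDD> <key id>...
# For each source-controller key ID: unlock that set, then wait until the
# operator confirms it was imported or cleared before touching the next one.
# A controller power cycle between unlock and import locks the drives again.
unlock_sets() {
    ctrl=$1; shift
    for key in "$@"; do
        printf 'Source passphrase for key ID %s: ' "$key" >&2
        read_secret
        [ -n "$_secret" ] || { echo "empty passphrase for $key" >&2; return 2; }
        # Syntax from the guide: racadm raid unlock:<FQDD> -key <id> -passwd <pp>
        "$RACADM" raid "unlock:$ctrl" -key "$key" -passwd "$_secret" || {
            _secret=; echo "unlock failed for key ID $key" >&2; return 1; }
        _secret=
        printf 'Import or clear this set now, then type "done": ' >&2
        IFS= read -r answer || answer=
        [ "$answer" = done ] || {
            echo "stopping: set $key not imported or cleared" >&2; return 3; }
    done
}

# Usage (KEY_A and KEY_B are constructed key IDs):
#   unlock_sets RAID.ChassisIntegrated.1-1 KEY_A KEY_B
```

Reading the passphrase from standard input keeps it out of shell history, but it is still passed to racadm as an argument and is visible in the process list of the management station while the command runs.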
Cryptographic Erase
You can use the cryptographic erase option to securely erase data present on secure SEDs. Secure data exists on drives even after
the virtual disk is deleted and is thus exposed to threat. Cryptographic erase can be used in the following conditions:
• To erase data to retire/reuse secure drives.
• To securely erase data if a secure and locked foreign configuration need not be imported.
• To recover locked drives if the passphrase is lost.
You can perform the cryptographic erase on one or more SED physical disks.
CAUTION: Performing the cryptographic erase task erases all data on the physical disk.