Administrator Guide
Self-Encrypting Drive (SED) Recovery
With SED Recovery, you can recover access to files on a SED through the following methods:
● Perform a one-time unlock of the drive to bypass the Preboot Authentication (PBA).
●
Unlock, then permanently remove the PBA from the drive. Single Sign-On will not function with the PBA removed.
○ With a remotely managed SED client, removing the PBA will require you to deactivate the product from the Remote
Management Console if it is necessary to re-enable the PBA in the future.
○ With a locally managed SED client, removing the PBA will require you to deactivate the product inside the OS if it is
necessary to re-enable the PBA in the future.
Recovery Requirements
For SED recovery, you need the following:
● Access to the recovery environment ISO
● Bootable CD\DVD or USB media
Overview of the Recovery Process
NOTE:
For Dell Servers running v10.2.8 and earlier, recovery requires a 32-bit environment. Dell Servers running v10.2.9 and
later provide 32-bit and 64-bit recovery bundles.
To recover a failed system:
1. Burn the recovery environment onto a CD/DVD or create a bootable USB. See Appendix A - Burning the Recovery
Environment.
2. Obtain the Recovery file.
3. Perform the recovery.
Perform SED Recovery
Follow these steps to perform a SED recovery.
Obtain the Recovery File - Remotely Managed SED Client
Obtain the recovery file.
The recovery file can be downloaded from the Remote Management Console. To download the <hostname>-sed-recovery.dat
file that was generated when you installed Dell Data Security:
a. Open the Remote Management Console and, from the left pane, select Management > Recover Data then select the SED
tab.
b. On the Recover Data screen, in the Hostname field, enter the fully qualified domain name of the endpoint, then click Search.
c. In the SED field, select an option.
d. Click Create Recovery File.
The <hostname>-sed-recovery.dat file is downloaded.
4
24 Self-Encrypting Drive (SED) Recovery