Key Encryption in Lifecycle Controller

This Dell Technical White Paper provides information about using Key Encryption in Lifecycle Controller on Dell 12th generation and later servers.

Dell Engineering
December 2013

Balaji K Bala Gupta Vinod P S Sheshadri P.R.
Revisions

Date        Description
Nov 2013    Initial release

THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND.

© 2013 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell.
vCenter® and vSphere® are registered trademarks or trademarks of VMware, Inc. in the United States or other countries. IBM® is a registered trademark of International Business Machines Corporation. Broadcom® and NetXtreme® are registered trademarks of Broadcom Corporation. Qlogic is a registered trademark of QLogic Corporation.
Executive Summary

This white paper provides information about using the Key Encryption feature in Lifecycle Controller on Dell PowerEdge servers.

Introduction

Key Encryption is a feature provided in Lifecycle Controller to set up local key encryption, rekey, or delete the encryption key on storage controllers. The feature provides an easy-to-use interactive GUI. It can be used if at least one security-capable controller is present in the system.
Figure 1.
5. Click Setup Local Key Encryption and click Next.

Figure 2. Select Encryption Type

6. Type data in the following boxes and click Finish.
   a. Encryption Key Identifier: Type a unique identifier for the encryption key with which the virtual disks are encrypted. This identifier enables you to identify the encryption key of the encrypted virtual disks.
   b. New Passphrase: Type a security key to encrypt the virtual disks.
Figure 3. Encryption Configuration

Figure 4.
After you type data in all the boxes, click Finish. Lifecycle Controller validates the passphrase. If the passphrase fulfills all the criteria, a message is displayed.

Figure 5. Security will be enabled on the controller

7. Click Yes to create an encryption key. After the encryption key is created successfully, a message is displayed.

Figure 6.
Encrypting Unsecure Virtual Disks

This feature is used for securing the virtual disks created using RAID Configuration on security-capable disk drives (SEDs, Self Encryption-capable Disks). To use this option, the prerequisites are:

- The selected controller must be security-capable.
- Self-encryption-capable disk drives must be present, with a virtual disk created on them.
- The controller must be in local-key-encryption mode.

To encrypt an unsecured virtual disk:

1. Start Lifecycle Controller.
6. Select a virtual disk you want to encrypt, and then click Finish.

Figure 8.
Rekeying Controller and Encrypted Disks with a New Local Key

This option is available when the security key is already created on a controller card. You can change the existing security key to another key by using this feature available in Lifecycle Controller.

To rekey the existing security key:

1. Start Lifecycle Controller.
2. In the left pane, click Hardware Configuration.
3. In the right pane, click Configuration Wizard.
4. Under Storage Configuration Wizards, click Key Encryption.
Figure 10. Rekey Controller

After clicking Finish, Lifecycle Controller validates the existing passphrase, and then the new passphrase. If the validation is successful, a message is displayed.

Figure 11.
7. Click Yes to recreate the key with a new passphrase. After successfully recreating the encryption key, a message is displayed.

Figure 12.
Removing Encryption and Deleting Data

This feature is used to disable the encryption already present on the controller and the virtual disks, and then delete the data on the secured virtual disks.

To disable the encryption and delete data on the secured virtual disks:

1. Start Lifecycle Controller.
2. In the left pane, click Hardware Configuration.
3. In the right pane, click Configuration Wizard.
4. Under Storage Configuration Wizards, click Key Encryption.
6. Select the Delete encryption key and all the secure virtual disks option, and then click Finish. This feature permanently deletes the encryption key, virtual disks, and the data stored on the virtual disks.

Figure 14. Delete Encryption Configuration

After clicking Finish, a message is displayed asking whether or not you want to permanently delete data.

Figure 15.
7. To delete the encryption key and all the secure virtual disks, click Yes. After successful deletion of the encryption key, a message is displayed.

Figure 16.