![]() |
MegaRAID Storage Manager Online Help System |
Importing Foreign Drives
You can import foreign drives in the LKM or EKM mode. Based on the mode selected and the secured drives, the following scenarios occur.
Perform the following steps to configure the Scan Foreign Configuration wizard.
- Select the Physical View tab in the left panel of the MegaRAID Storage Manager main menu screen, and click a controller icon.
- Choose any one of the following options to enable the Scan Foreign Configuration wizard.
- Right-click the controller node in the device tree in the left frame of the MegaRAID Storage Manager main menu screen, and select Scan Foreign Configuration.
- Select Go To -> Controller -> Scan Foreign Configuration in the menu bar.
If a foreign configuration is detected, the Foreign Configuration Detected screen appears. If you choose Import and click OK, the Unlock Foreign drives wizard appears.Importing Foreign Drives to LKM
When VD is secured with EKM mode, and if you change the security settings from EKM mode to LKM mode, and want to import those foreign configured VDs, then the following dialog box appears.
Figure 102 Importing Foreign Drives- EKM to LKM
Importing Foreign Drives to EKM
When VD is secured with LKM mode, and want to switch from LKM to EKM, and that VD is in Foreign state, and if you want to import those foreign configuration, you need to provide the LKM key for each VD.
Figure 103 Unlock Foreign DrivesAfter you enter the security key in the Security key field, the system tries to unlock each of the locked foreign drives using the security key. If at least one drive is unlocked, then the Import preview screen is displayed. If no drives are unlocked, the Incorrect security Key dialog is displayed.
Importing Foreign Drives to EKM
When VD is secured with EKM mode, and that VD is in Foreign state, and if you switch to LKM mode, and if you want to import to foreign configuration, then the dialog box appears as shown in the following figure.
Figure 104 Switch to EKM Mode
Enabling Drive Security using LKM
This section describes how to enable, change, and disable drive security, and how to import a foreign configuration using the SafeStore Encryption Services advanced software.
To enable security on the drives, you need to perform the following actions to set drive security:
- Enter a security key identifier.
A security key identifier appears whenever you have to enter a security key. If you have more than one security key, the identifier helps you determine which security key to enter.- Enter a security key.
After you create a security key, you have the option to create secure virtual drives using the key. You have to use the security key to perform certain operations.You can improve security by entering a password. To provide additional security, you can require the password whenever anyone boots the server.
Perform the following steps to enable drive security.
- Select the Physical View tab in the left panel of the MegaRAID Storage Manager main menu screen, and click a controller icon.
- Select Go To -> Controller -> Change Drive Security -> Enable.
The Enable Drive Security screen appears as shown in the following figure.Figure 105 Enable Drive Security - Security Key Identifier
- Use the default security key identifier or enter a new security key identifier.
If you create more than one security key, make sure that you change the security key identifier. Otherwise, you cannot differentiate between the security keys.
- Click Suggest Security Key to have the system create a security key or you can enter a new security key.
- Enter the new security key again to confirm, as shown in Figure 106.
If you forget the security key, you will lose access to your data. Be sure to record your security key information. You might need to enter the security key to perform certain operations.
The security key is case-sensitive. It must be between 8 and 32 characters and contain at least one number, one lowercase letter, one uppercase letter, and one non-alphanumeric character (e.g. < > @ +). The space character is not permitted.
Non-US keyboard users must be careful not to enter DBCS characters in the security key field. Firmware works with the ASCII character set only.
Figure 106 shows the security key entered and confirmed on this screen.Figure 106 Enable Drive Security - Security Key
- (Optional) Select the Pause for password at boot time check box.
If you choose this option, you have to enter the password whenever you boot the server.- (Optional) Select the Enforce strong password security check box.
If you choose this option, make sure the password is between eight and thirty-two characters and contain at least one number, one lowercase letter, one uppercase letter, and one non-alphanumeric character (e.g. < > @ +). The space character is not permitted. The password is case-sensitive.- (Optional) Enter a password in the Password field and then enter the same password in the Confirm field, as shown in Figure 107.
Warning messages appear if there is a mismatch between the characters entered in the Password field and the Confirm field, or if there is an invalid character entered.
Be sure to record the password. If you lose the password, you could lose access to your data.
Figure 107 shows the password entered and confirmed on this screen.Figure 107 Enable Drive Security - Password- Click Next.
The Confirm Enable Drive Security screen appears, as shown in Figure 108, to show the changes requested to the drive security settings.
If you forget the security key, you will lose access to your data. Be sure to record your security key. You might need to enter the security key to perform certain operations.
Figure 108 Confirm Create Security Key Screen
- Click the checkbox I recorded the security settings for future reference and then click Yes to confirm that you want to enable drive security on this controller and have recorded the security settings for future reference.
MSM enables drive security and returns you to the main menu screen.Changing the Drive Security Settings
Perform the following steps to change the encryption settings for the security key identifier, security key, and password.
- Select the Physical View tab in the left panel of the MegaRAID Storage Manager main menu screen, and click a controller icon.
- Select Go To -> Controller -> Change Drive Security.
The Change Security Settings – Introduction screen appears. This screen lists the actions you can perform, which include editing the security key identifier, security key, and the password.- Click Next.
The Change Security Settings - Security Key ID screen appears.- Keep the existing security key identifier or enter a new security key identifier.
If you change the security key, LSI highly recommends that you change the security key identifier. Otherwise, you cannot differentiate between the security keys.
- Click Next.
The Change Security Settings - Security Key screen appears.- Click Use the existing drive security key to use the existing drive security key or enter a new security key and then enter the new security key again to confirm.
If you forget the security key, you will lose access to your data. Be sure to record your security key information. You might need to enter the security key to perform certain operations.
The security key is case-sensitive. It must be between 8 and 32 characters and contain at least one number, one lowercase letter, one uppercase letter, and one non-alphanumeric character (e.g. < > @ +). The space character is not permitted.
Non-US keyboard users must be careful not to enter DBCS characters in the security key field. Firmware works with the ASCII character set only.
- Click Next.
The Authenticate Drive Security Settings Screen appears. Authentification is required for the changes that you requested to the drive security settings.- Enter the current security key to authenticate the changes.
The Change Security Settings - Password screen appears.- If you choose to, click the option to use a password in addition to the security key.
- If you chose to use a password, either enter the existing password or enter a new password, and enter the password again to confirm.
The text box for the passphrase can hold up to 32 characters. The key must be at least eight characters.The next screen that appears describes the changes you made and asks you whether you want to confirm these changes.- Click the checkbox to confirm that you have recorded the security settings for future reference and then click Yes to confirm that you want to change the drive security settings.
MSM updates the existing configuration on the controller to use the new security settings and returns you to the main menu.
DB09-000202-04 37857-02 Rev. E October 2010 Copyright© 2010 by LSI Corporation. All rights reserved. You can find a list of the LSI U.S. distributors, international distributors, sales offices, and design resource centers on the LSI web site at: http://www.lsi.com/cm/ContactSearch.do |