Encrypted Arrays with LSI SafeStore: Difference between revisions
| Line 68: | Line 68: | ||
Reboot into the LSI <span class="code">WebBIOS</span> by pressing <span class="code">ctrl + h</span> during the boot sequence. | Reboot into the LSI <span class="code">WebBIOS</span> by pressing <span class="code">ctrl + h</span> during the boot sequence. | ||
Click on <span class="code">Advanced Software Options</span>. | |||
Confirm that the <span class="code">SafeStore</span> option is enabled, then click <span class="code">Back</span>. | |||
Revision as of 20:20, 1 December 2014
This covers how to use LSI's SafeStore controller option along with Seagate Self-Encrypting Drives (SED). This provides protection of drive contents at rest and enables instant secure erase (ISE). This allows for the rapid and irreversible destruction of all data on the array(s) in seconds.
Keys
The first step is to purchase a SafeStore license (hardware or software key). If your controller supports hardware keys, follow the key's installation instructions. Once connected, the feature will immediately become available.
If you are using the software license, the steps are slightly more involved. These steps will be documented in the next section.
Software Key
After purchasing the software key, you will get a License Authentication Code (LAC). This will be used in a moment.
Create (or log into) LSI's Advanced Software License Management Portal.
If you don't have an account, you will need to enter an LAC to start the account creation process.
 |
Note: For this tutorial, we are using the Fujitsu D3116C controller, which is based on the LSI 9260-8i. |
On the next window, you will be asked to enter the controller type. We will use '9260-81'. Once entered, press "Activate".
As a new user, a pop-up will ask you to enter your last name and your email address. Do so. Next you will be asked more information about you and your company, provide the information.
Once the account is created, you will be presented with the entitlement and a form to enter the controller's "Serial Number" and "Safe ID". To get this information, you can either look at the controller's information it the controller's BIOS or you can retrieve it via "MegaCli64".
| node | MegaCli64 AdpAllInfo a0 | grep "Serial No" && MegaCli64 ELF GetSafeId a0 | grep "Safe ID"
Serial No : xxxxxxxxxxxxxxxx
Safe ID is yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
|
|---|
Enter the information into the form and the press "Next".
In the next step, read and agree to the EULA, enter the email address you want the key(s) sent to, enter a note if you wish and then click "Finish".
You will get an email with the activation key. This is what we will enter into the controller to enable the SafeStore option. You can either manually enter this key into the controller via the controller's BIOS, or you can enter it using the MegaCli64 tool, which we will do.
| node | MegaCli64 -elf applykey key zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz -a0
Successfully applied the Activation key. Please restart the system for the changes to take effect.
FW error description:
To complete the requested operation, please reboot the system.
Exit Code: 0x59
|
|---|
Done!
 |
Warning: Your data is *NOT* encrypted at this stage! |
Using Encryption
Until now, we covered enabling the SafeStore function. Now we'll cover it's use.
Encrypting the Data
Reboot into the LSI WebBIOS by pressing ctrl + h during the boot sequence.
Click on Advanced Software Options.
Confirm that the SafeStore option is enabled, then click Back.
http://mycusthelp.info/LSI/_cs/AnswerDetail.aspx?inc=8285
| node |
|---|
| Any questions, feedback, advice, complaints or meanderings are welcome. | |||
| Alteeve's Niche! | Enterprise Support: Alteeve Support |
Community Support | |
| © Alteeve's Niche! Inc. 1997-2024 | Anvil! "Intelligent Availability®" Platform | ||
| legal stuff: All info is provided "As-Is". Do not use anything here unless you are willing and able to take responsibility for your own actions. | |||