Enabling Drive Security

This section describes how to enable, change, and disable the drive security, and how to import a foreign configuration using the SafeStore Encryption Services advanced software.

To enable drive security, the following details must be specified:

Security key identifier - The controller, by default, assigns a security key identifier. However, you can change this security key identifier as per your requirement. If you have more than one security key identifier, the controller helps you to determine which security key identifier to enter.

Security key - Provides you with an option to create secure virtual drives by specifying the security key. The security key provided by you is used to lock each self-encrypted drive attached to the controller.

Suggest Security Key - Alternatively, you can click this option to have the system create a security key for you.

Password - You can also specify a password to provide additional drive security.

Pause for password at boot time and Enforce strong password security - If you select the Pause for password at boot time, you are prompted to provide the password each time you restart your server. If you select Enforce strong password security, the system enforces you to specify a strong password.

Show Key and Show Password - You can either select or clear theShow Key and Show Password check boxes. By default, they are unchecked.

To enable drive security, perform the following steps:

1.	Navigate to the Physical tab in the left panel of the MegaRAID Storage Manager window, and select a controller.

2.	Select Go To > Controller > Enable Drive Security.

The Enable Drive Security dialog appears, as shown in the following figure.

Figure 139. Enable Drive Security – Security Key Identifier

3.	Either use the default security key identifier provided by the controller or specify a new security key identifier.

NOTE  If you create more than one security key, ensure that you change the security key identifier. Otherwise, you cannot differentiate between the security keys.

4.	Either click Suggest Security Key to have the system create a security key for you or enter a new security key and confirm.

5.	(Optional) Select the Show Key check box.

If you choose this option, the security key that you specify or the security key that is created by the system if you have clicked on Suggest Security Key, will be visible to you. If you do not select this option, the security key will not be visible to you.

CAUTION  Ensure that you note down this security key somewhere for future reference. If you are unable to provide the security key when it is required by the system, you will lose access to your data.

The security key is case-sensitive. It must be between 8 and 32 characters and contain at least one number, one lowercase letter, one uppercase letter, and one non-alphanumeric character (for example, < > @ +). The space character is not permitted.

NOTE  Non-U.S. keyboard users must be careful not to enter double-byte character set (DBCS) characters in the security key field. The firmware works with the ASCII character set only.

7.	(Optional) Select the Pause for password at boot time check box.

If you choose this option, you are prompted to provide the password each time you restart your server.

8.	(Optional) Select the Enforce strong password security check box.

If you choose this option, make sure the password is between 8 and 32 characters and contain at least one number, one lowercase letter, one uppercase letter, and one non-alphanumeric character (e.g. < > @ +). The space character is not permitted. The password is case-sensitive.

9.	(Optional) Enter a password in the Password field and confirm the same password once again in the Confirm field.

10.	(Optional) Select the Show Password check box.

If you choose this option, the password that you specify will be visible to you. If you do not select this option, the password will not be visible to you.

Warning messages appear if there is a mismatch between the characters entered in the Password field and the Confirm field, or if you have entered an invalid character.

CAUTION  Ensure that you note down this password somewhere for future reference. If you are unable to provide the password when it is required by the system, you will lose access to your data.

11.	Select the I recorded the security settings for future reference check box, then click Yes to confirm that you want to enable drive security on this controller and have recorded the security settings for future reference.

The MegaRAID Storage Managerenables drive security and returns to the main menu.