Firmware Data Encryption
The firmware in the
ETERNUS DX has the firmware data encryption function. This function encrypts
a volume when it is created, or converts a created volume into an encrypted volume.
Because data encryption with firmware is performed with the controller in the ETERNUS DX, the
performance is degraded, comparing with unencrypted data access.
The encryption method can be selected from the world standard AES-128, the world standard
AES-256, and the Fujitsu Original Encryption method. The Fujitsu Original Encryption method that is
based on AES technology uses a Fujitsu original algorithm that has been specifically created for
ETERNUS DX storage systems. The Fujitsu Original Encryption method has practically the same se-
curity level as AES-128 and the conversion speed for the Fujitsu Original Encryption method is fast-
er than AES. Although AES-256 has a higher encryption strength than AES-128, the Read/Write ac-
cess performance degrades. If importance is placed upon the encryption strength, AES-256 is rec-
ommended. However, if importance is placed upon performance or if a standard encryption meth-
od is not particularly required, the Fujitsu Original Encryption method is recommended.
Figure 37 Firmware Data Encryption
ETERNUS DX
Server A Server B Server C
Cannot be decoded
Encrypted
Encryption
setting for each LUN.
Unencrypted
Encryption is performed when data is written from the cache memory to the drive. When encryp-
ted data is read, the data is decrypted in the cache memory. Cache memory data is not encrypted.
For Standard volumes, SDVs, SDPVs, and WSVs, encryption is performed for each volume. For TPVs
and FTVs, encryption is performed for each pool.
2. Basic Functions
Data Encryption
66
Fujitsu Storage ETERNUS DX100 S4/DX200 S4, ETERNUS DX100 S3/DX200 S3 Hybrid Storage Systems
Design Guide (Basic)
Copyright 2023 Fujitsu Limited
P3AM-7642-32ENZ0
To Next Page
Loading...
