Self-encrypting drive
The HPE MR Gen11 Controller supports Self-Encrypting Drives (SEDs), which secure the drive data against unauthorized access or modification. Because the
data on the drive is encrypted, it cannot be accessed without appropriate security authorization even if the SED is removed from its storage system.
Host key management
To use host key management, enable the SED drive as JBOD and expose the drive to the OS. This method allows you to manage the SED using a third-party key
management tool such as SEDutil. SED monitoring is also available in HPE MR Storage Administrator, the Storage Command Line Interface (StorCLI) tool, and
the configuration utility in UEFI System Utilities.
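As an added example (not from the HPE documentation), the Python sketch below classifies a JBOD-exposed SED from the host by parsing the Locking feature flags in the text of `sedutil-cli --query <device>`. The sample text is constructed, the "Name = Y/N" layout of that output is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample text, assumed to follow the layout printed by
# `sedutil-cli --query <device>`: a feature header, then "Name = Y/N" flags.
SAMPLE = {
    "/dev/sda": (
        "TPer function (0x0001)\n"
        "    ACKNAK = N, ASYNC = N, Streaming = Y, SYNC = Y\n"
        "Locking function (0x0002)\n"
        "    Locked = N, LockingEnabled = N, LockingSupported = Y, MediaEncrypt = Y\n"
    ),
    "/dev/sdb": (
        "Locking function (0x0002)\n"
        "    Locked = Y, LockingEnabled = Y, LockingSupported = Y, MediaEncrypt = Y\n"
    ),
    "/dev/sdc": "(constructed: no Locking feature descriptor reported)\n",
}

def locking_flags(text):
    """Return the Locking feature flags as {name: bool}; {} if the feature is absent."""
    flags, in_locking = {}, False
    for line in text.splitlines():
        if not line.startswith((" ", "\t")):   # unindented line starts a new feature
            in_locking = line.startswith("Locking function")
        elif in_locking:                       # indented lines carry that feature's flags
            pairs = re.findall(r"(\w+)\s*=\s*([YN])\b", line)
            flags.update((name, value == "Y") for name, value in pairs)
    return flags

def classify(text):
    """Map one drive's query text to a coarse protection state."""
    flags = locking_flags(text)
    if not flags.get("LockingSupported"):
        return "not-sed"
    if not flags.get("LockingEnabled"):
        # The media is encrypted, but no credential is needed to read it.
        return "unprovisioned"
    return "locked" if flags.get("Locked") else "unlocked"

def audit(outputs):
    """Classify every drive in a {device: query text} mapping."""
    return {device: classify(text) for device, text in outputs.items()}

if __name__ == "__main__":
    for device, state in audit(SAMPLE).items():
        print(f"{device}: {state}")
```

A drive reported as "unprovisioned" is the case to follow up: it is SED-capable but has not had locking enabled by the host key management tool.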
Local key management
You can enable SED drive security for local key management using the HPE MR Storage Administrator, StorCLI tool, and configuration utility in UEFI System
Utilities. You must provide a controller-wide security key identity and security key. During boot, the security key stored in the controller is used to unlock the
drive. Whenever the drive is powered down, the security-enabled drive data encryption key is locked. This action protects the drives or systems against theft.
Remote key management
Remote key management is also known as external key management.
NOTE:
You can enable SED drive security for remote key management using the configuration utility in UEFI System Utilities. For more information,
see Enabling drive security.
The configuration utility in UEFI System Utilities works with iLO key manager to create the security key identity and security key in the remote key manager
server. iLO key manager must be configured before you enable remote key management in the configuration utility. Whenever the drive is powered down, the
security-enabled drive data encryption key is locked. During boot, the security key is retrieved from the remote key manager server to unlock the drive.
Security Protocol and Data Model
Security Protocol and Data Model (SPDM) is a security standard developed by the Distributed Management Task Force (DMTF). It enables system hardware
components such as PCIe cards and NVMe drives to have their identity authenticated and their integrity verified.
SPDM-capable components have strong cryptographic identities and can provide cryptographically signed attestations of their security state. When the server
starts, SPDM-capable components are authenticated cryptographically. Measurements of their security-relevant properties are obtained to determine whether
they operate at their intended state and then control is passed to the OS.
Reliability
Subtopics
Cache Error Checking and Correction
Thermal monitoring
Cache Error Checking and Correction
Error checking and correction (ECC) DRAM technology protects the data while it is in cache. The ECC scheme generates 8 bits of check data for every 64 bits of
regular data transferred. The memory controller uses this information to detect and correct data errors originating inside the DRAM chip or across the memory
bus.
Thermal monitoring
The controller monitors the temperature of each drive in the server. iLO periodically collects these drive temperatures from the controller to control the fan speed.
The fan speed is optimized so that each drive is maintained below its maximum continuous operating temperature regardless of the workload.
This method has the benefit of saving cost by allowing the fans to run at an optimal setting while ensuring that drives do not overheat.
Performance
Subtopics
Manage SAS storage link speed