7914FDE.fm Draft Document for Review March 28, 2011 12:24 pm
468 IBM System Storage DS3500: Introduction and Implementation Guide
The window shown in Figure 15-19 opens and you are prompted to add a security identifier
(optional), a location to store the key file in, and a pass phrase.
Figure 15-19 Change Security Key options
The new security key is generated by the controller firmware and is hidden in the storage
subsystem. The new security key replaces the previous key that was used to unlock the
security-enabled FDE drives in the storage subsystem. The controller negotiates with all of
the security-enabled FDE drives for the new key.
The original security key is also stored in the storage subsystem for protection in case
something prevents the controllers from completing the negotiation of the new security key
with the security-enabled FDE drives (for example, loss of storage subsystem power during
the key change process). If this happens, you must change the security key so that only one
version of the security key is used to unlock all drives in a storage subsystem. The original
key is stored in the storage subsystem only. It cannot be changed directly or exported to a
security key backup file.
To Next Page
Loading...
