7914FDE.fm Draft Document for Review March 28, 2011 12:24 pm
470 IBM System Storage DS3500: Introduction and Implementation Guide
You will be prompted for the location to store the file and the pass phrase used to create or
change the existing security key file, as shown in Figure 15-21. The DS3500 Disk Encryption
Manager uses the pass phrase to encrypt the security key before it exports the security key to
the security key backup file.
Figure 15-21 Save Security Key File window
15.4.3 Secure erase
Secure erase provides a higher level of data erasure than other traditional methods. When
you initiate secure erase with the DS3500 Storage Manager, a command is sent to the FDE
drive to perform a âcryptographic eraseâ. This erases the existing data encryption key and
then generates a new encryption key inside the drive, making it impossible to decrypt the
data. Drive security becomes disabled and must be re-enabled if it is required again. To
perform a Secure erase of the drive, right-click on the drive and choose the option
Secure Erase... as shown in Figure 15-22.
Figure 15-22 Secure Erase of a FDE drive
To Next Page
Loading...
