No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Disk Encryption User Guide

OceanStor Dorado V3 Series V300R001

This document is applicable to OceanStor Dorado5000 V3, Dorado6000 V3 and Dorado18000 V3. This document introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Creating a Key

Creating a Key

After a self-encrypting disk domain is created on a storage system, an encryption key is automatically generated.


A self-encrypting disk has been configured on the storage system. The AutoLock status of the self-encrypting disk is Disable.

admin:/>show disk general  ID        Health Status  Running Status  Type  Capacity   Role       Disk Domain ID  Speed(RPM)  Health Mark  Bar Code              Item      AutoLock State      --------  -------------  --------------  ----  ---------  ---------  --------------  ----------  -----------  --------------------  --------  --------------    
DAE000.0  Normal         Online          SSD-SED   366.965GB  Free Disk  --              --          --           2102350LGX10FB000131  02350LGX  OFF           
DAE000.1  Normal         Online          SSD-SED   366.965GB  Free Disk  --              --          --           2102350LGX10FB000124  02350LGX  OFF           
DAE000.2  Normal         Online          SSD-SED   366.965GB  Free Disk  --              --          --           2102350LGX10FB000238  02350LGX  OFF           
DAE000.3  Normal         Online          SSD-SED   366.965GB  Free Disk  --              --          --           2102350LGX10FA000228  02350LGX  OFF           
DAE000.4  Normal         Online          SSD-SED   371.965GB  Free Disk  --              --          --           2102350LGX10FA000227  02350LGX  OFF           
DAE000.5  Normal         Online          SSD-SED   371.965GB  Free Disk  --              --          --           2102350LGX10FA000187  02350LGX  OFF           
DAE100.0  Normal         Online          SSD-SED   366.965GB  Free Disk  --              --          --           2102350LGX10FA000159  02350LGX  OFF           
DAE100.1  Normal         Online          SSD-SED   366.965GB  Free Disk  --              --          --           2102350LGX10FA000161  02350LGX  OFF           
DAE100.2  Normal         Online          SSD-SED   366.965GB  Free Disk  --              --          --           2102350LGX10G3000505  02350LGX  OFF           
DAE100.3  Normal         Online          SSD-SED   366.965GB  Free Disk  --              --          --           2102350LGX10FA000182  02350LGX  OFF           
DAE100.4  Normal         Online          SSD-SED   371.965GB  Free Disk  --              --          --           2102350LGX10G3000511  02350LGX  OFF        

If AutoLock Stateis OFF, disk encryption is disabled.


  1. Log in to DeviceManager.
  2. Choose Provisioning > Disk Domain.
  3. Click Create.

    The Create Disk Domain dialog box is displayed, as shown in Figure 3-73.

    Figure 3-73 Creating a disk domain

  4. Name and describe the disk domain.

    1. In Name, enter a name for the disk domain.
      • Each disk domain has a unique name.
      • A disk domain name can contain only letters, digits, underscores (_), hyphens (-), and periods (.).
      • A disk domain name contains 1 to 31 characters.
    2. In Description, enter the usage and properties of the disk domain. The descriptive information helps identify the disk domain.

  5. Set Encryption Type to Self-encrypting disk domain.
  6. Select the owning controller enclosure of the disks that constitute a disk domain, and set the Hot Spare Policy for the disk domain.

    • If you select Default settings, the storage system creates a disk domain using all disks owned by all controller enclosures.
    • If you select Manually select, you must manually select the owning controller enclosure.

    You can create multiple disk domains.

  7. Click OK.

    A message is displayed indicating that the operation succeeded.

  8. Click OK.

    After a disk domain is created, choose Provisioning > Disk Domain. In the function pane, you can see that AutoLock is Enable.

  9. View the encryption key on the key management server.

    1. Log in to the key management server web interface as a group manager.
    2. Click the Keys tab.

      Figure 3-74shows the Keys tab page.

      Figure 3-74 Key management

    3. Set the filter as needed. In the result list, check whether a key has been generated based on the serial numbers of the disks in the disk domain, and whether the key is in the Active state.

      You can run the show disk general disk_id= command and obtain the Serial Number of a disk from the command output.

      admin:/>show disk general disk_id=CTE0.0 
        ID                              : CTE0.0                  
        Health Status                   : Normal                  
        Running Status                  : Online                  
        Type                            : NVMe SSD SED            
        Capacity                        : 1.813TB                 
        Role                            : Member Disk             
        Disk Domain ID                  : 0                       
        Speed(RPM)                      : --                      
        Interface Bandwidth(Mbps)       : 6000                    
        Sector Size                     : 520B                    
        Temperature(Celsius)            : 35                      
        Model                           : HSSD-0235G6PF           
        Firmware Version                : 1064                    
        Manufacturer                    : HUAWEI                  
        Serial Number                   : HS000000000000338144    
        Light Status                    : Off                     
        Disk Domain Name                : DiskDomain002           
        Disk Domain Tier ID             : 0.4294967295            
        Coffer Disk                     : Yes                     
        Run Time(Day)                   : 69                      
        Progress(%)                     : 0                       
        Health Mark                     : --                      
        Multipathing                    : A,B                     
        Bad Time                        : --                      
        Bad Type                        : --                      
        Sense Key                       : --                      
        Sense Code                      : --                      
        Fru                             : --                      
        Bar Code                        : 210235G6BB1000000007   

Follow-up Procedure

After creating the self-encrypting disk domain, you can create LUNs to allocate the storage space to application servers. For details, see Basic Storage Service Configuration Guide of the corresponding product model.


You can log in to Huawei's technical support website ( and enter the product model + document name in the search box to search for, browse, and download the desired documents.

Updated: 2018-11-01

Document ID: EDOC1000159246

Views: 32797

Downloads: 199

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next