Disk Encryption User Guide

OceanStor Dorado V3 Series V300R002

This document is applicable to OceanStor Dorado3000 V3, Dorado5000 V3, Dorado6000 V3 and Dorado18000 V3. This document introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.




AC power module

The module that transfers the external AC power supply into the power supply for internal use.

Application server

A service processing node (a computer device) on the network. Application programs of data services run on the application server.

Asynchronous remote replication

A kind of remote replication. When the data at the primary site is updated, the data does not need to be updated synchronously at the mirroring site to finish the update. In this way, performance is not reduced due to data mirroring.





Process of copying data to another storage area so that it can be used to restore the data when the source data is damaged or lost.

Backup window

An interval of time during which a set of data can be backed up without seriously affecting applications that use the data.


The numerical difference between the upper and lower frequencies of a band of electromagnetic radiation. A deprecated synonym for data transfer capacity that is often incorrectly used to refer to throughput.

Baud rate

The number of times per second the signal can change on a transmission line. Typically, the transmission line uses only two signal states, making the baud rate equal to the number of bits per second that can be transferred.

Bit error

An incompatibility between a bit in a transmitted digital signal and the corresponding bit in the received digital signal.

Bit error rate

The probability that a transmitted bit will be erroneously received. The BER is measured by counting the number of bits in error at the output of a receiver and dividing by the total number of bits in the transmission. BER is typically expressed as a negative power of 10.

Boundary scan

A test methodology that uses shift registers in the output connections of integrated circuits (ICs). One IC is often connected to the next IC. A data pattern is passed through the chain and the observed returned data stream affected by the circuit conditions gives an indication of any faults present. The system is defined under IEEE standard 1149.1 and is also known as Joint Test Action Group (JTAG).


Architecture that defines the roles of the browser and server. The browser is the service request party and the server is the service provider.




Cache hit ratio

The ratio of the number of cache hits to the number of all I/Os during a read task, usually expressed as a percentage.

Captive screw

Specially designed to lock into place on a parent or motherboard, allowing for easy installation and removal of attached pieces without release of the screw.

Challenge Handshake Authentication Protocol

A password-based authentication protocol that uses a challenge to verify that a user has access rights to a system. A hash of the supplied password with the challenge is sent for comparison so the cleartext password is never sent over the connection.


A technology for ensuring data security and integrity in a storage system. It is used to store the mission-critical data of the system.

Coffer disk

Disks that build up the coffer.


The control logic in a disk or tape that performs command decoding and execution, host data transfer, serialization and deserialization of data, error detection and correction, and overall management of device operations. The control logic in a storage subsystem that performs command transformation and routing, aggregation (RAID, mirroring, striping, or other), high-level error recovery, and performance optimization for multiple storage devices.

Controller enclosure

An enclosure that accommodates controllers and provides storage services. It is the core component of a storage system and generally consists of components, such as controllers, power supplies, and fans.


A pair state. The state indicates that the source LUN data is being synchronized to the target LUN.




Data compression

The process of encoding data to reduce its size. Lossy compression (i.e., compression using a technique in which a portion of the original information is lost) is acceptable for some forms of data (e.g., digital images) in some applications, but for most IT applications, lossless compression (i.e., compression using a technique that preserves the entire content of the original data, and from which the original data can be reconstructed exactly) is required.

Data flow

A process that involves processing data extracted from the source system. These processes include: filtering, integration, calculation, and summary, finding and solving data inconsistency, and deleting invalid data so that the processed data meets the requirements of the destination system for the input data.

Data migration

Data migration refers to moving data from one data space to another. During migration, neither the data format nor the data size changes.

Data source

A system, database (database user; database instance), or file that can make BOs persistent.


Deduplication is a specialized data compression technique for eliminating coarse-grained redundant data, typically to improve storage utilization. In the deduplication process, duplicate data is deleted, leaving only one copy of the data to be stored, along with references to the unique copy of data. Deduplication is able to reduce the required storage capacity since only the unique data is stored.

Dirty data

Data that is stored temporarily on the cache and has not been written onto disks.

disaster recovery

A system deployment solution aiming at reducing loss in disasters. A disaster recovery system that is the same as the production system is deployed as a backup to store the production data when a fault occurs in the production system. The applications are switched over to the disaster recovery system before the production system recovers. After the production system recovers, the applications are switched back to the production system.

Disk arrays

Groups of multiple disk devices that make up the typical SAN disk storage device. These arrays vary in design, capacity, performance, and other features.

Disk domain

A disk domain consists of the same type or different types of disks. Disk domains are isolated from each other. Therefore, services carried by different disk domains do not affect each other in terms of performance and faults (if any).

Disk enclosure

Consists of the following parts in redundancy: expansion module, disk, power module, and fan module. System capacity can be expanded by cascading multiple disk enclosures.

Disk location

The process of locating a disk in the storage system by determining the enclosure ID and slot ID of the disk.

Disk utilization

The percentage of used capacity in the total available capacity.





An engine is a core component that provides storage services for external applications. Hosted in a controller enclosure, the engine usually consists of one pair of controllers, disk modules, interface modules, power modules, fan modules, and batteries.

Expander module

A component used for expanding.


Connecting a storage system to more disk enclosures through connection cables, thus expanding the capacity of the storage system.




Field replaceable unit

A unit or component of a system that is designed to be replaced in the field, i.e., without returning the system to a factory or repair depot. Field replaceable units may either be customer-replaceable or their replacement may require trained service personnel.


Low-level software for booting and operating an intelligent device. Firmware generally resides in read-only memory (ROM) on the device.

Flash Translation Layer

Flash Translation Layer (FTL) organizes and manages host data, enables host data to be allocated to NAND flash chips of SSDs in an orderly manner, maintains the mapping relationship between logical block addresses (LBAs) and physical block addresses (PBAs), and implements garbage collection, wear leveling, and bad block management.

Front-end host port

The port that connects the controller enclosure to the service side and transfers service data. There are three types of front-end host ports: SAS, Fibre Channel, and iSCSI.




garbage collection

The process of reclaiming resources that are no longer in use. Garbage collection has uses in many aspects of computing and storage. For example, in flash storage, background garbage collection can improve write performance by reducing the need to perform whole block erasures prior to a write.


A device that receives data via one protocol and transmits it via another.

global garbage collection

With a view to defragmentation of storage arrays and garbage collection of disks, global garbage collection reduces garbage on disks by enabling storage arrays to instruct disks not to relocate invalid data and to control space release, so that disks and controllers consume less space, reducing costs and prolonging the useful life of storage arrays.

Global system for mobile communications

The second-generation mobile networking standard defined by the European Telecommunications Standards Institute (ETSI). It is aimed at designing a standard for global mobile phone networks. GSM consists of three main parts: mobile switching subsystem (MSS), base station subsystem (BSS), and mobile station (MS).

global wear leveling

With a view to the individual characteristics of a single disk, global wear leveling uses space allocation and write algorithms to achieve wear leveling among disks, preventing a disk from losing efficacy due to excessive writes and prolonging the useful life of the disk.




Hard disk tray

The tray that bears the hard disk.


Heartbeat supports node communication, fault diagnosis, and event triggering. Heartbeats are protocols that require no acknowledgement. They are transmitted between two devices. The device can judge the validity status of the peer device.

Hit ratio

The ratio of directly accessed I/Os from the cache to all I/Os.

Hot swap

The substitution of a replacement unit (RU) in a system for a defective unit, where the substitution can be performed while the system is performing its normal functions. Hot swaps are physical operations typically performed by humans.




In-band management

The management control information of the network and the carrier service information of the user network are transferred through the same logical channel. In-band management enables users to manage storage arrays through commands. Management commands are sent through service channels, such as I/O write and read channels. The advantages of in-band management include high speed, stable transfer, and no additional management network ports required.


A system component that initiates an I/O operation on an I/O bus or on a network.


Shorthand for input/output. I/O is the process of moving data between a computer system's main memory and an external device or interface such as a storage device, display, printer, or network connected to other computer systems. This encompasses reading, or moving data into a computer system's memory, and writing, or moving data from a computer system's memory to another location.

Interface module

A replaceable field module that accommodates the service or management ports.




Load balance

A method of adjusting the system, application components, and data to evenly distribute the applied I/Os or computing requests to physical resources of the system.

Logical unit

The addressable entity within a SCSI target that executes I/O commands.

Logical unit number

The SCSI identifier of a logical unit within a target. Industry shorthand, when phrased as LUN, for the logical unit indicated by the logical unit number.

LUN formatting

The process of writing 0 bits in the data area of the logical drive and generating related parity bits so that the logical drive can be in the ready state.

LUN mapping

A storage system maps LUNs to application servers so that application servers can access storage resources.

LUN migration

A method for the LUN data to migrate between different physical storage spaces while ensuring data integrity and uninterrupted operation of host services.

LUN snapshot

A type of snapshot created for a LUN. This snapshot is both readable and writable and is mainly used to provide a snapshot LUN from point-in-time LUN data.




Maintenance terminal

A computer connected through a serial port or management network port. It maintains the storage system.

Management interface module

The module that integrates one or more management network ports.

Management network

An entity that provides means to transmit and process network management information.

Management network port

The network port on the controller enclosure connected to the maintenance terminal. It is provided for the remote maintenance terminal. Its IP address can be modified with the change of the customer's environment.




NVM Express

A host controller interface with a register interface and command set designed for PCI Express-based SSDs.


A solid state disk (SSD) with a non-volatile memory express (NVMe) interface. Compared with other SSDs, such SSDs can deliver higher performance and shorter latency.




Out-of-band management

A management mode used during out-of-band networking. The management and control information of the network and the bearer service information of the user network are transmitted through different logical channels.

Owning controller

The controller that can preferentially access a certain LUN.




PCIe switch

A PCIe switch interconnects multiple devices using the PCIe protocol to forward data among the devices.

Power failure protection

When an external power failure occurs, the AC PEM depends on the battery for power supply. This ensures the integrity of the dirty data in the cache.


When the system monitors a failing member disk in a RAID group, the system copies the data from the disk to a hot spare disk in advance.

Primary storage controller

The controller that plays a leading role in controlling management. It can perform relevant management operations on the controller enclosure.

Primary/Secondary switchover

A process for the conversion of the primary/secondary relationship.

Prior controller

For the application server LUN, prior controller means the working controller is the owner controller of the corresponding LUN array.




RAID level

The application of different redundancy types to a logical drive. A RAID level improves the fault tolerance or performance of the logical drive but reduces the available capacity of the logical drive. You must specify a RAID level for each logical drive.


The regeneration and writing onto one or more replacement disks of all of the user data and check data from a failed disk in a mirrored or RAID array. In most arrays, a rebuild can occur while applications are accessing data on the array's virtual disks.


The inclusion of extra components of a given type in a system (beyond those required by the system to carry out its function) for the purpose of enabling continued operation in the event of a component failure.

Remote replication

A core technology for disaster recovery and a foundation that implements remote data synchronization and disaster recovery. This technology remotely maintains a set of data mirrors through the remote data connection function of the storage devices that are separated in different places. Even when a disaster occurs, the data backup on the remote storage device is not affected. Remote replication can be divided into synchronous remote replication and asynchronous remote replication.

Reverse synchronization

The process of restoring data from the redundancy machine (RM) when the services of the production machine (PM) are recovering.


The path that network traffic takes from its source to its destination. On a TCP/IP network, each IP packet is routed independently. Routes can change dynamically.





A collection of data statements used to perform an operation.

Secondary controller

(1) A controller that backs up service and management data of the primary controller in a clustered system. When the primary controller fails, the secondary controller is upgraded to the primary controller and takes over the management and services of the controller enclosure. (2) A controller that backs up the management data of the primary controller in a block-level array. When the primary controller fails, the secondary controller is upgraded to the primary controller and takes over the management of the system.

Serial port

An input/output location (channel) that sends and receives data (one bit at a time) to and from the CPU of a computer or a communications device. Serial ports are used for serial data communication and as interfaces for some peripheral devices, such as mouse devices and printers.

Service data

The user and/or network information required for the normal functioning of services.

Service network port

The network port that is used to store services.

Simple network management protocol

An IETF protocol for monitoring and managing systems and devices in a network. The data being monitored and managed is defined by a MIB. The functions supported by the protocol are the request and retrieval of data, the setting or writing of data, and traps that signal the occurrence of events.

Single point of failure

One component or path in a system, the failure of which would make the system inoperable.


A position defined by an upper guide rail and the corresponding lower guide rail in a frame. A slot houses a board.

Small computer system interface

A collection of ANSI standards and proposed standards that define I/O interconnects primarily intended for connecting storage subsystems or devices to hosts through host bus adapters. Originally intended primarily for use with small (desktop and desk-side workstation) computers, SCSI has been extended to serve most computing needs, and is arguably the most widely implemented I/O interconnect in use today.


A point in time copy of a defined collection of data.

Snapshot copy

A copy of a snapshot LUN.

Source LUN

The LUN where the original data is located.

Storage pool shrinking

A method of shrinking the total storage pool capacity.

Storage system

An integrated system that consists of the following parts: controller, storage array, host bus adapter, physical connection between storage units, and all control software.

Storage unit

An abstract definition of backup storage media for storing backup data. The storage unit is connected to the actual storage media used to back up data.

Streaming media

Streaming media is media continuously streamed over the network. Combining technologies concerning streaming media data collection, compression, encoding, storage, transmission, playback, and network communications, streaming media can provide high-quality playback effects in real time at low bandwidth.


A type of smaller network that forms a larger network according to a rule, such as, forming a network according to different districts. This facilitates the management of a large network.





The endpoint that receives a SCSI I/O command sequence.

Target LUN

The LUN on which target data resides.

Thin LUN

A logic disk that can be accessed by hosts. It dynamically allocates storage resources from the thin pool according to the actual capacity requirements of users.

Timing snapshot

Creates virtual snapshots periodically to continuously protect data.


The logical layout of the components of a computer system or network and their interconnections. Topology deals with questions of what components are directly connected to other components from the standpoint of being able to communicate. It does not deal with questions of physical location of components or interconnecting cables. The communication infrastructure that provides Fibre Channel communication among a set of PN_Ports (e.g., a Fabric, an Arbitrated Loop, or a combination of the two).


A method by which the host operating system may inform a storage device of data blocks that are no longer in use and can be reclaimed.




User interface

The space where users interact with a machine.




wear leveling

A set of algorithms utilized by a flash controller to distribute writes and erases across the cells in a flash device. Cells in flash devices have a limited ability to survive write cycles. The purpose of wear leveling is to delay cell wear out and prolong the useful life of the overall flash device.

Working controller

The controller that reads data from and writes data onto LUNs or file systems in storage arrays.

Write Amplification

Increase in the number of write operations by the device beyond the number of write operations requested by hosts.

write amplification factor

The ratio of the number of write operations on the device to the number of write operations requested by the host.

Write back

A caching technology in which the completion of a write request is signaled as soon as the data is in the cache. Actual writing to non-volatile media occurs at a later time. Write back includes inherent risks: an application will take action predicated on the write completion signal, and a system failure before the data is written to non-volatile media will cause media contents to be inconsistent with that subsequent action. For these reasons, sufficient write back implementations include mechanisms to preserve cache contents across system failures (including power failures) and to flush the cache at system restart time.

Write Once Read Many

A type of storage, designed for fixed content, that preserves what is written to it in an immutable fashion. Optical disks are an example of WORM storage.

Write through

A caching technology in which the completion of a write request is not signaled until data is safely stored on non-volatile media. Write performance with the write through technology is approximately that of a non-cached system. However, if the written data is also held in a cache, subsequent read performance may be dramatically improved.





A Fibre Channel switch function that is similar to the VLAN function for Ethernet switches. It logically allocates the devices including hosts and storage systems on a SAN to different zones. In this way, the devices in different zones cannot directly access each other over a Fibre Channel network, implementing device isolation on the SAN.

Updated: 2019-07-17

Document ID: EDOC1100049141
