Data Security Feature
Business data is a core enterprise asset, so ensuring data security is a primary concern for enterprise administrators. In addition to security deployment and security maintenance, FusionStorage block storage provides self-encrypting disks (SEDs) to ensure data security.
Self-Encrypting Disks
FusionStorage block storage supports SEDs. An SED uses its hardware circuits and an internal data encryption key (DEK) to encrypt data during writes and decrypt data during reads.
To keep the encryption keys secure, FusionStorage block storage provides a secure, reliable, and easy-to-use key management solution, including:
- Internal key management: The database built into FusionStorage block storage is used to store encryption keys.
- External key management: FusionStorage block storage connects to a third-party key management server and uses the server to store encryption keys.
Data Destruction
When a user no longer uses an encrypted disk domain and needs to reallocate the storage space, FusionStorage block storage allows the user to delete the encrypted disk domain and destroy the authentication keys (AKs) of the SEDs at the same time. The user can also erase data when the encrypted disk domain is being deleted, preventing data leakage.
- AK destruction of SEDs: supports automatic destruction of AKs when a storage pool is being deleted. The disk management module erases AKs stored in the SEDs and disables the Autolock function. Internal Key Manager destroys the expired AKs of the SEDs.
- Data erasure of SEDs: supports automatic destruction of data when a storage pool is being deleted. The disk management module delivers a DEK change command to the SEDs when the storage pool is being deleted. Once the DEK has changed, the old data on the SEDs can no longer be decrypted to the original data; that is, the data is erased.
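The two destruction steps above can be seen in a small simulation. This is an added example, not FusionStorage or drive firmware code: `SimulatedSED`, its methods and `delete_pool_demo` are hypothetical names, the sample record is constructed, and a SHA-256 keystream stands in for the drive's hardware cipher.

```python
import hashlib
import hmac
import os

def _xor_keystream(key: bytes, lba: int, data: bytes) -> bytes:
    """Toy cipher (SHA-256 counter keystream) standing in for the drive's hardware engine."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + lba.to_bytes(8, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class SimulatedSED:
    """Hypothetical SED model: the DEK stays inside the drive, the AK gates access."""

    def __init__(self, ak: bytes):
        self._dek = os.urandom(32)
        self._ak_hash = hashlib.sha256(ak).digest()  # Autolock on: drive starts locked
        self._locked = True
        self.media = {}  # LBA -> ciphertext, i.e. what is physically stored

    def unlock(self, ak: bytes) -> bool:
        if self._ak_hash and hmac.compare_digest(hashlib.sha256(ak).digest(), self._ak_hash):
            self._locked = False
        return not self._locked

    def write(self, lba: int, data: bytes) -> None:
        if self._locked:
            raise PermissionError("drive is locked")
        self.media[lba] = _xor_keystream(self._dek, lba, data)

    def read(self, lba: int) -> bytes:
        if self._locked:
            raise PermissionError("drive is locked")
        return _xor_keystream(self._dek, lba, self.media[lba])

    def change_dek(self) -> None:
        self._dek = os.urandom(32)  # old DEK is gone; stored ciphertext is now noise

    def erase_ak(self) -> None:
        self._ak_hash, self._locked = None, False  # AK erased, Autolock disabled

def delete_pool_demo():
    ak = os.urandom(32)
    sed = SimulatedSED(ak)
    sed.unlock(ak)
    secret = b"constructed sample record 0001"
    sed.write(7, secret)
    readable_before, stored = sed.read(7) == secret, sed.media[7]
    sed.change_dek()  # data erasure step
    sed.erase_ak()    # AK destruction step
    return readable_before, sed.media[7] == stored, sed.read(7) == secret
```

The stored bytes are untouched by the DEK change, yet the drive is unlocked and reusable while the old record reads back as noise, which is why the DEK change counts as erasure.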