FusionStorage 8.0.0 Block Storage Security Configuration Guide 06

Data Security Feature

Business data is a core enterprise asset, so ensuring data security is a primary concern for enterprise administrators. In addition to security deployment and security maintenance, FusionStorage block storage provides self-encrypting disks (SEDs) to ensure data security.

Self-Encrypting Disks

FusionStorage block storage supports SEDs. SEDs use their hardware circuits and internal data encryption keys (DEKs) to encrypt data during writes and decrypt data during reads.

To keep data encryption keys secure, FusionStorage block storage provides a secure, reliable, and easy-to-use key management solution, including:

  • Internal key management: The database built in FusionStorage block storage is used to store encryption keys.
  • External key management: FusionStorage block storage connects to a third-party key management server and uses the server to store encryption keys.

Data Destruction

When a user no longer uses an encrypted disk domain and needs to reallocate the storage space, FusionStorage block storage allows the user to delete the encrypted disk domain and destroy the authentication keys (AKs) of the SEDs at the same time. The user can also erase data while the encrypted disk domain is being deleted, preventing data leakage.

  • AK destruction of SEDs: AKs are destroyed automatically when a storage pool is deleted. The disk management module erases the AKs stored in the SEDs and disables the Autolock function. Internal Key Manager destroys the expired AKs of the SEDs.
  • Data erasure of SEDs: data is destroyed automatically when a storage pool is deleted. The disk management module delivers a DEK change command to the SEDs during the deletion. Because the old data on the SEDs can no longer be decrypted to the original data, the data is effectively erased.
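
The following Python model is an added example, not Huawei's code or the FusionStorage implementation. It walks through the two Data Destruction actions above on a simulated SED. `ModelSED`, `delete_pool`, the dictionary used as a key manager, and the SHA-256 keystream standing in for the drive's hardware cipher are all assumptions made for illustration.

```python
import hashlib, hmac, os

def _xor_stream(key, lba, data):
    # Toy stand-in for the drive's hardware cipher (SHA-256 counter keystream).
    ks = b"".join(hashlib.sha256(key + lba.to_bytes(8, "big") + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class ModelSED:
    """Constructed model: the DEK stays inside the drive, the AK only gates access."""
    def __init__(self):
        self._dek = os.urandom(32)
        self._ak_digest = None          # None means Autolock is disabled
        self._locked = False
        self._media = {}                # lba -> ciphertext as stored on media

    def set_ak(self, ak):               # enable Autolock with this AK
        self._ak_digest = hashlib.sha256(ak).digest()

    def power_cycle(self):              # Autolock: drive locks itself on power-up
        self._locked = self._ak_digest is not None

    def unlock(self, ak):
        if self._ak_digest and hmac.compare_digest(hashlib.sha256(ak).digest(), self._ak_digest):
            self._locked = False
        return not self._locked

    def erase_ak(self):                 # AK destruction: AK erased, Autolock disabled
        self._ak_digest, self._locked = None, False

    def change_dek(self):               # data erasure: old ciphertext loses its key
        self._dek = os.urandom(32)

    def write(self, lba, data):
        if self._locked:
            raise PermissionError("drive locked")
        self._media[lba] = _xor_stream(self._dek, lba, data)

    def read(self, lba):
        if self._locked:
            raise PermissionError("drive locked")
        return _xor_stream(self._dek, lba, self._media[lba])

def delete_pool(sed, key_manager, disk_id, erase_data):
    """Deletion flow from the text: optional DEK change, then AK destruction."""
    if erase_data:
        sed.change_dek()
    sed.erase_ak()
    key_manager.pop(disk_id, None)      # key manager destroys its copy of the AK
```

In this model, destroying the AK alone leaves the stored data readable because the DEK is unchanged; only the DEK change makes the old ciphertext unrecoverable.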
Updated: 2019-11-14

Document ID: EDOC1100081422
