Where do the D@RE encryption/decryption functions occur in the Unity storage system?
A. Host I/O Modules
B. Storage Processor Cache
C. SAS I/O Module
D. Self-encrypting drives
Upon installation and activation of the feature, the following keys are generated by RSA BSAFE and persisted to the Lockbox:
– KEK Wrapping Key (KWK)
– Data Encryption Keys (DEKs) for all bound drives
A new KEK is generated each time the array boots. The KEK is wrapped with the KWK and passed to the SAS controller during the system boot process. Using the persisted KWK, the SAS controller can decrypt the KEK.
D: Self-Encrypting Drive (SED) technology is another variation of D@RE which is widely used and offers functionality similar to CBE.
However, with SEDs, you have to pay a premium on every drive, and only certain drives are offered in SED form.
References: https://www.emc.com/collateral/white-paper/h13296-dare-wp.pdf (page 8)