Encrypt the RSA SecurID Hardware Appliance 350 Hard Drive

Document created by RSA Information Design and Development on Nov 25, 2019Last modified by George Spagnoli on Nov 27, 2019
Version 3Show Document
  • View in full screen mode

The RSA SecurID Hardware Appliance 350 includes the PowerVault self-encrypting hard drive feature that you can enable. This feature encrypts the RAID 1 logical drive, which consists of a dual physical hard drive that uses mirroring. This feature is not included on other RSA SecurID Hardware Appliance models.

 

Note:  You must back up or record your passphrase. RSA cannot recover it, and you cannot reverse encryption without resetting your hard drive.

 

Before you begin 

 

You must know the following:

 

  • After enabling encryption, you should wait for at least 8 to 12 hours before using the hard drive. When the hard drive is fully encrypted, there is little or no impact on performance.
  • The encrypt operation is performed as the root user.
  • Encryption does not protect data that is copied off the hard drive.
  • If you enable encryption, you must back up or record your passphrase, so that you can access it when you need it. RSA does not provide a utility for recovering the passphrase used to encrypt your hard drive.
  • Removing encryption resets your hard drive and permanently clears your data. Make sure to back up your hard drive before you remove encryption.

 

Procedure 

 

  1. Log on to the appliance with the user name rsaadmin and the operating system password.
  2. Switch to the root user.
  3. Run the following command:

    /root/bin/encryptSedVd.py

    A message states whether the drive is encrypted.

  4. To encrypt the drive, do the following:
      1. At the Enable disk encryption y/n? prompt, type y and press ENTER.
      2. If you are prompted to enter a security key, you must enter a passphrase, and press ENTER.

    The passphrase must be between 8 and 32 characters long, and contain lowercase letters, uppercase letters, numbers, and special characters. For example, nFreDaW[792

    Avoid characters that can be problematic on command lines, such as dashes, dollar signs, backslashes, blank spaces, single and double quotation marks, and non-ASCII characters.

    1. Re-enter the passphrase twice to validate it, and press ENTER each time.
    2. You can enter an optional ID string to identify the security key, or press ENTER for no ID string.

      The ID string is optional because the RSA SecurID Hardware Appliance 350 only has one logical drive and only one security key.

      The optional ID string for the security key must be fewer than 256 characters. Avoid characters that can be problematic on command lines, such as dashes, dollar signs, backslashes, blank spaces, single and double quotation marks, and non-ASCII characters.

    3. When you are prompted, backup or record your passphrase, and enter y to verify that you did so.

      Note:  Make sure to save your passphrase. RSA cannot recover it for you, and removing encryption will permanently erase your data.

      A success message displays.

 

 

 

 

 

We want your feedback! Tell us what you think of this page.

 

Attachments

    Outcomes