Storage: Appendix B. Encrypt a Series 6E Core or Hybrid Host (encryptSedVd.py)

Document created by RSA Information Design and Development Employee on Jan 30, 2020Last modified by RSA Information Design and Development Employee on Sep 8, 2020
Version 10Show Document
  • View in full screen mode
 

RSA Series 6E Core and Hybrid hosts have Self-Encrypting Drives (SED). The encryptSedVd.py script:

  • Validates that the Series 6E host has the correct setup for encryption.
  • Encrypts unencrypted drives.

Note: For external storage devices such as PowerVault, refer to "Configure Storage Using the REST API" under "Using the REST API to Configure Storage" for instructions on how to encrypt their SED drives.

The following scenarios are examples of why you would use the encryptSedVd.py script.

  • You want to know if a physical host has encryption. In this case, if the script determines that the device does not have encryption, it gives you the opportunity to encrypt it.
  • You set up a device without encryption and you want to encrypt it.

You will find this script in the rsa-sa-tools directory for releases 11.4.0.0 and later. The following directory is for 11.4.0.0.

rsa-sa-tools-11.4.0.0-<needBuildNumberFromMark>.noarch.rpm

The following procedure illustrates how to use the script.

  1. Log in as root.
  2. Change the directory to the rsa-sa-tools RPM base directory:

    cd /opt/rsa/saTools/supportScript/

  3. Execute the following command:

    OWB_ALLOW_NON_FIPS=1 ./encryptSedVd.py

    The script tells you if the disks are encrypted or not encrypted.
    • If the drives are encrypted, the script displays the following message.
      No unencrypted RAID virtual drives with SED physical drives found.
    • If the drives are not encrypted, the script identifies the unencrypted drives as shown in the following example.

  4. If the drives are not encrypted and you want to encrypt them:
    1. Select the drives you want to encrypt with the space bar and press Enter.
      The following prompt is displayed.

    1. In the Enter Passphrase text box, type the <passphrase>, for example nFreDaW$792, and press Tab.
    1. In the Verify Passphrase text box, re-enter passphrase again for validation.
    1. In the Key ID (optional) text box, enter an optional ID string for the security key less than 256 characters or press Enter for none.
      The following prompt is displayed.

    1. Select <Y> and press Enter to confirm that you added the Passphrase.
    2. Submit the following command string to verify that the SED drives are encrypted.
      /opt/MegaRAID/perccli/perccli64 /c0 show more
      The following information is displayed. You can see that all four SED drives are encrypted (that is, Y is displayed for each drive in the SED column).

      You will find detailed information on perccli commands in the Dell PowerEdge RAID Controller CLI Reference Guide (http://l4u-00.jinr.ru/pub/misc/h-w/LSI/dell-sas-hba-12gbps_reference-guide_en-us.pdf).

You are here
Table of Contents > Appendix B. Encrypt a Series 6E Core or Hybrid Host (encryptSedVd.py)

Attachments

    Outcomes