Encrypt the SecurID Hardware Appliance 350 Hard Drive

The SecurID Hardware Appliance 350 includes the PowerVault self-encrypting hard drive feature that you can enable. This feature encrypts the RAID 1 logical drive, which consists of a dual physical hard drive that uses mirroring. This feature is not included on other SecurID Hardware Appliance models.

Note: You must back up or record your passphrase. RSA cannot recover it, and you cannot reverse encryption without resetting your hard drive.

Before you begin

You must know the following:

  • After enabling encryption, you should wait for at least 8 to 12 hours before using the hard drive. When the hard drive is fully encrypted, there is little or no impact on performance.
  • Encryption does not protect data that is copied off the hard drive.
  • If you enable encryption, you must back up or record your passphrase, so that you can access it when you need it. RSA does not provide a utility for recovering the passphrase used to encrypt your hard drive.
  • Removing encryption resets your hard drive and permanently clears your data. Make sure to back up your hard drive before you remove encryption.

Procedure

  1. Log on to the appliance with the user name rsaadmin and the operating system password.
  2. Run the following command:

    sudo /opt/rsa/am/utils/bin/appliance/sed-encryption/encryptSedVd.py

  3. When prompted, re-enter the password for the rsaadmin account.

    A message states whether the drive is encrypted.

  4. To encrypt the drive, do the following:
    1. At the Enable disk encryption y/n? prompt, type y and press ENTER.
    2. If you are prompted to enter a security key, you must enter a passphrase, and press ENTER.

      3. The passphrase must be between 8 and 32 characters long, and contain lowercase letters, uppercase letters, numbers, and special characters. For example, nFreDaW[792

      Avoid characters that can be problematic on command lines, such as dashes, dollar signs, backslashes, blank spaces, single and double quotation marks, and non-ASCII characters.

    3. Re-enter the passphrase twice to validate it, and press ENTER each time.
    4. You can enter an optional ID string to identify the security key, or press ENTER for no ID string.

      The ID string is optional because the SecurID Hardware Appliance 350 only has one logical drive and only one security key.

      The optional ID string for the security key must be fewer than 256 characters. Avoid characters that can be problematic on command lines, such as dashes, dollar signs, backslashes, blank spaces, single and double quotation marks, and non-ASCII characters.

    5. When you are prompted, backup or record your passphrase, and enter y to verify that you did so.

      Note: Make sure to save your passphrase. RSA cannot recover it for you, and removing encryption will permanently erase your data.

      A success message displays.