The IBM DS8000 disk subsystem (see Figure 2-4 on page 32) supports data encryption with the IBM FDE drive. Currently, these enterprise-class disks are available in 146 GB, 300 GB, or 450 GB capacities and with 15K RPM speed. These drives contain encryption hardware and can perform symmetric encryption and decryption of data at full disk speed with no effect on performance.
Figure 2-4 DS8000 series
To use data encryption, you must order an IBM DS8000 from the factory with all FDE drives. At this time, the DS8000 does not support an intermix of FDE and non-FDE drives. An IBM DS8000 with FDE disks is referred to as being encryption capable. Each storage facility image on an encryption-capable DS8000 can be configured to either enable or disable encryption for all data that is stored on a client's disks. To enable encryption, you must configure the DS8000 to communicate with one Tivoli Key Lifecycle Manager key server (two or more Tivoli Key Lifecycle Manager key servers are better from a redundancy point of view).
The physical connection between the DS8000 Hardware Management Console (HMC) and the key server is through a TCP/IP network.
The IBM DS8000 supports data encryption with the help of FDE drives. Each IBM FDE drive has an encryption key for the region of the disk that contains client data. When encryption is enabled, the encryption key for the client data is wrapped with an access credential and stored on the disk media. Read/write access to the data on the drive is blocked following a power loss until the initiator accessing the drive authenticates with the currently active access credential. In the case of the DS8000, a unique access credential for each drive in the storage facility image is derived from one data key that it obtains from the Tivoli Key Lifecycle Manager key server. The DS8000 stores multiple independent copies of the externally encrypted data key (EEDK) persistently, and it must be able to communicate with a Tivoli Key Lifecycle Manager server after a power-on to allow access to the disks that have encryption enabled. In the case where the DS8000 is configured to disable encryption, the FDE disks still encrypt data with an encryption key, but the drive does not need an access credential to encrypt or decrypt the data.
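The following is an added toy model of the power-on behaviour just described (it is not IBM code and not the DS8000 algorithm): every drive blocks access after a power loss, each drive's access credential is derived from the one data key, and a power-on with no reachable key server leaves the drives locked. The HMAC-based derivation, the drive serials and the key server names are assumptions made for the illustration.

```python
# Added illustration, not IBM code. The HMAC derivation below is an assumed
# stand-in for the undocumented DS8000 derivation; it is not the real one.
import hashlib
import hmac
from typing import Dict, List, Optional

class FdeDrive:
    """A drive that blocks data access after power loss until authenticated."""
    def __init__(self, serial: str, access_credential: bytes):
        self.serial = serial
        self._credential = access_credential   # what the drive checks against
        self.unlocked = False

    def power_loss(self) -> None:
        self.unlocked = False

    def authenticate(self, credential: bytes) -> bool:
        self.unlocked = hmac.compare_digest(credential, self._credential)
        return self.unlocked

def derive_access_credential(data_key: bytes, serial: str) -> bytes:
    """Assumed derivation: one data key yields a unique credential per drive."""
    return hmac.new(data_key, serial.encode(), hashlib.sha256).digest()

def fetch_data_key(key_servers: Dict[str, Optional[bytes]]) -> Optional[bytes]:
    """Try each configured key server; None models an unreachable server."""
    for key in key_servers.values():
        if key is not None:
            return key
    return None

def power_on(drives: List[FdeDrive], key_servers: Dict[str, Optional[bytes]]) -> dict:
    """Unlock every drive if a data key is obtainable; otherwise report deadlock."""
    data_key = fetch_data_key(key_servers)
    if data_key is None:
        return {"deadlock": True, "unlocked": []}
    unlocked = [d.serial for d in drives
                if d.authenticate(derive_access_credential(data_key, d.serial))]
    return {"deadlock": False, "unlocked": unlocked}

# Constructed sample: one data key, two drives, two key servers (names assumed).
DATA_KEY = hashlib.sha256(b"constructed sample data key").digest()
SERIALS = ["DDM-0001", "DDM-0002"]
DRIVES = [FdeDrive(s, derive_access_credential(DATA_KEY, s)) for s in SERIALS]

if __name__ == "__main__":
    for d in DRIVES:
        d.power_loss()
    print(power_on(DRIVES, {"tklm-a": None, "tklm-b": DATA_KEY}))  # both unlock
    print(power_on(DRIVES, {"tklm-a": None, "tklm-b": None}))      # deadlock
```

The second call shows the encryption deadlock that the isolated key server and the recovery key described later in this chapter are meant to avoid.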
In the current implementation, client data is persistently stored in one of three places:
On client disks
Data on client disks (that is, disk drive modules (DDMs) installed via DDM Install Group features) that are encryption enabled is managed through a data key obtained from the Tivoli Key Lifecycle Manager key server. The data is encrypted with an encryption key that is managed through an externally encrypted encryption key.
Chapter 2. Introduction to storage data encryption 33
Nonvolatile storage (NVS) dump data on system disks
If a force power off sequence is initiated, write data in flight in the NVS memory is encrypted with an encryption key and stored on the system disks in the DS8000 server. The data is limited to at most 8 GB. The encryption key is encrypted with a derived key and stored on the system disk. This data is only obfuscated. The data on the system disk is cryptographically erased when power is restored.
Auxiliary processor unit (APU) data on system disks
If a force power off sequence is initiated, atomic parity write data in flight in the device adapter memory for RAID 6 arrays is encrypted with an encryption key and stored in flash on the device adapter card in the DS8000 server. The data is limited to at most 32 MB per device adapter or 512 MB per storage facility in a maximum configuration. The encryption key is encrypted with a derived key and stored on the device adapter. This data is only obfuscated. The data is cryptographically erased from the flash memory when power is restored.
2.3.1 Encryption updates in DS8000 R5.0
There are two encryption updates included in DS8000 R5.0:
Recovery key
Dual platform key server support (see Figure 2-5).
Figure 2-5 Dual key server platform support
Force power off sequence: The power off requests issued through the DS GUI/CLI interfaces or through the System z® power control interfaces do not initiate a force power off sequence. Activation of the Force Power Off service switch or loss of ac power does initiate a force power off sequence.
These encryption updates (supported in R5.0) are available only on DS8700 models:
Recovery key
The recovery key can be used to unlock a DS8000 that cannot obtain a required data key from a key server. It provides a new mechanism that can be used to break an encryption deadlock. Using the recovery key requires that the client configure and escrow the recovery key for future use (DS8000 does not have a copy of the recovery key).
R4.3 added new user roles:
– Storage administrator (STGADM): Formerly known as Administrator
– Security administrator (SECADM)
Recovery key user protocols use dual control, which requires two people to complete a recovery key operation. The security administrator is the "requester" and holder of the recovery key, while the storage administrator is the "approver" of the recovery key request.
The recovery key is a 256-bit AES key that is displayed as 64 hex characters with dashes every 4 characters.
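As an added example (not IBM code), the block below implements the recovery key display format stated above (a 256-bit key shown as 64 hex characters with a dash every 4 characters) with a validating parser, and models the dual-control rule: a SECADM user requests, a different STGADM user approves. The user names, operation names and the exact error handling are assumptions for the illustration.

```python
# Added example, not IBM code: recovery key display format and dual control.
import re
import secrets

KEY_BYTES = 32  # 256-bit AES key, shown as 64 hex characters in groups of 4
KEY_RE = re.compile(r"^(?:[0-9A-F]{4}-){15}[0-9A-F]{4}$")

def format_recovery_key(key: bytes) -> str:
    """Render a 32-byte key as 16 dash-separated groups of 4 hex characters."""
    if len(key) != KEY_BYTES:
        raise ValueError("recovery key must be 256 bits")
    hexed = key.hex().upper()
    return "-".join(hexed[i:i + 4] for i in range(0, len(hexed), 4))

def parse_recovery_key(text: str) -> bytes:
    """Validate the escrowed display form and recover the raw key bytes."""
    text = text.strip().upper()
    if not KEY_RE.match(text):
        raise ValueError("malformed recovery key")
    return bytes.fromhex(text.replace("-", ""))

class RecoveryKeyRequest:
    """Dual control: SECADM requests, a different user holding STGADM approves."""
    def __init__(self, operation: str, requester: str, requester_role: str):
        if requester_role != "SECADM":
            raise PermissionError("only the security administrator may request")
        self.operation, self.requester = operation, requester
        self.approved_by = None

    def approve(self, approver: str, approver_role: str) -> bool:
        if approver_role != "STGADM":
            raise PermissionError("only the storage administrator may approve")
        if approver == self.requester:
            raise PermissionError("requester cannot approve their own request")
        self.approved_by = approver
        return True

    @property
    def complete(self) -> bool:
        return self.approved_by is not None

if __name__ == "__main__":
    key = secrets.token_bytes(KEY_BYTES)  # constructed; stands in for a real key
    shown = format_recovery_key(key)
    assert parse_recovery_key(shown) == key
    req = RecoveryKeyRequest("unlock", "alice", "SECADM")  # names assumed
    req.approve("bob", "STGADM")
    print(shown, req.complete)
```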
Dual platform key server support
DS8000 requires an isolated key server (configured with a copy of Tivoli Key Lifecycle Manager) in the configuration to avoid encryption deadlock. The isolated key server is currently defined as a System x server. Clients using the secure key mode keystore on separate platforms cannot integrate with isolated key servers, because keys cannot be propagated across key server platforms in secure key mode.
Dual platform key server support allows you to configure two separate key server platforms with either platform operating in either clear key mode or secure key mode.
Now that you have a basic understanding of IBM storage data encryption techniques, we look at encryption to answer several of the most important questions:
How does storage data encryption work?
What do we encrypt, and what do we not encrypt?
Why use data encryption?
What are the benefits for my organization?