Self-Encrypted Drives (SEDs) provide hardware-level security for sensitive on-disk data. Data on SEDs is encrypted using a combination of an internal key and a drive access password. Using SEDs is simple. After performing initial drive set-up, you don’t have to do anything: SEDs handle data encryption and decryption automatically. If you want to access the data, you have to know the password. And without that password, the protected on-disk data is inaccessible.
But what if something goes wrong? Can you recover the encrypted data if the password or internal keys are lost or deleted? What if someone removes a SED from a powered-on node, or a SED becomes corrupt or is otherwise defective? What if business reasons require that you completely erase the drive? How do you safely go about doing that, and how do you verify the erasure?
To find answers to these questions, check out the Uptime Information Hub article Data erasure and SED drives: An overview and FAQ, available on the EMC Community Network’s Isilon community space. You’ll learn:
- How SEDs work
- What happens if a password is lost, a drive becomes defective, or someone tries to make off with the drive
- How to erase a defective drive and how to erase all SEDs in a node or cluster
- How to confirm that a SED has been erased
- How long typical erasure operations take
Let us know what you think of the Data erasure and SED drives: An overview and FAQ article. If you have feedback for us about this or any other Isilon technical content, email us at firstname.lastname@example.org. And thank you!