Zviri mukati hide
1 CISCO HyperFlex HX Data Platform
2 Product Information
3 Mirayiridzo Yekushandiswa Kwechigadzirwa
4 HX Chengetedzo Encryption FAQ
5 Mapepa Anotsigira
6 Zvinyorwa / Zvishandiso
6.1 References
7 Related Posts

CISCO-LOGO

CISCO HyperFlex HX Data Platform

CISCO-HyperFlex-HX-Data-Platform-PRO

Product Information

  • Product Name: HX Security Encryption
  • Shanduro: HXDP 5.01b
  • Encryption Solution: Software-yakavakirwa mhinduro uchishandisa Intersight Key Manager
  • Encryption Type: Self-Encrypting Drives (SEDs)
  • Mhando dzeDhivha Inotsigirwa: HDD uye SSD SEDs kubva kuMicron
  • Kutevedza Mitemo: FIPS 140-2 level 2 (vagadziri vekutyaira) uye FIPS 140-2 level 1 (chikuva)
  • Cluster-Wide Encryption: Encryption paHX inoiswa muhardware yedata pakuzorora chete uchishandisa maSED
  • Yega VM Encryption: Inobatwa neyechitatu bato software yakadai seHytrust kana Vormetric's transparent client
  • VMware Native VM Encryption: Inotsigirwa neHX kuti ishandiswe neSED encryption
  • Key Management: Media Encryption Key (MEK) uye Kiyi Encryption Key (KEK) inoshandiswa kune yega yega SED
  • Kushandisa Memory: Encryption makiyi haatombovepo mune node memory
  • Performance Impact: Disk encryption/decryption inobatwa mudhiraivha hardware, yakazara system performance haina kukanganiswa
  • Zvimwe Zvikomborero zveSEDs:
    • Instantaneous cryptographic erasure yekudzikisira dhiraivha retirement uye mitengo yekuendesazve
    • Kutevedzera mitemo yehurumende kana yeindasitiri yekuvanzika kwedata
    • Yakadzikira njodzi yekubiwa kwedhisiki uye node kuba sezvo data inove isingaverengeki kana hardware yabviswa

Mirayiridzo Yekushandiswa Kwechigadzirwa

Kuti ushandise HX Security Encryption, tevera mirairo iyi:

  1. Ita shuwa kuti yako system inotsigira Hardware-based encryption kana kuti iwe unofarira software-yakavakirwa mhinduro uchishandisa Intersight Key Manager.
  2. Tarisa kune magwaro ekutonga kana whitepaper (s) kune ruzivo nezve software-based encryption.
  3. Kana ukasarudza kushandisa hardware-based encryption neSEDs, ita shuwa kuti HX cluster yako ine maunifomu node (SEDs kana asiri-SEDs).
  4. Kune maSED, nzwisisa kuti kune makiyi maviri ari kushandiswa: iyo Media Encryption Key (MEK) uye Key Encryption Key (KEK).
  5. Iyo MEK inodzora encryption uye decryption yedata kune dhisiki uye inochengetedzwa uye inogadziriswa muhardware.
  6. Iyo KEK inochengetedza MEK/DEK uye inochengetwa mune imwe nzvimbo kana kure kure keystore.
  7. Usanetsekane nezve makiyi aripo mu node memory, sezvo encryption makiyi haana kumbochengetwa ipapo.
  8. Ziva kuti dhisiki encryption/decryption inobatwa mudhiraivha hardware, kuve nechokwadi chekuti yese system performance haina kukanganiswa.
  9. Kana iwe uine zvinodikanwa zvekutevedzera zviyero, ziva kuti HX SED yakavharidzirwa madhiraivha anosangana neFIPS 140-2 level 2 zviyero kubva kune vanogadzira drive, nepo HX Encryption papuratifomu inosangana neFIPS 140-2 level 1 zviyero.
  10. Kana iwe uchida encrypt yega maVM, funga kushandisa 3rd bato software yakadai seHytrust kana Vormetric's transparent client. Neimwe nzira, unogona kushandisa VMware yekuzvarwa VM encryption yakaunzwa muvSphere 6.5.
  11. Ramba uchifunga kuti kushandisa VM encryption mutengi pamusoro peHX SED-yakavakirwa encryption inozoguma nekaviri encryption yedata.
  12. Ita shuwa kuti yako HX cluster yakabatana kuburikidza neakavimbika network kana encrypted tunnels kuti idzokorore yakachengeteka, sezvo HX kudzokorora haina kuvharirwa.

HX Chengetedzo Encryption FAQ

Kubva paHXDP 5.01b, HyperFlex inopa software-based solution uchishandisa Intersight Key Manager kune masisitimu asingatsigire hardware-based encryption kana yevashandisi vanoshuvira kuita uku pamusoro pemhinduro dzehardware. Iyi FAQ inongotarisa chete paSED-based hardware mhinduro dzeHX encryption. Ona magwaro ekutonga kana whitepaper (s) kuti uwane ruzivo rwesoftware-based encryption.

Bias Statement
Mapepa akasetwa echigadzirwa ichi anoedza kushandisa mutauro usingarerekere. Nezvinangwa zvegwaro rino, kusarerekera kunotsanangurwa semutauro usingarevi rusarura runobva pazera, urema, murume kana mukadzi, rudzi, kuzivikanwa kwerudzi, maitiro ezvepabonde, mamiriro ezvehupfumi nemagariro, uye mharadzano. Zvisizvo zvinogona kunge zviripo muzvinyorwa nekuda kwemutauro wakaomeswa munzvimbo dzevashandisi vesoftware yechigadzirwa, mutauro unoshandiswa zvinoenderana nezvinyorwa zvezviyero, kana mutauro unoshandiswa nechero rechitatu chigadzirwa.

Nei Cisco Yekuchengetedza uye HX Encryption 

  • Q 1.1: Ndeapi maitiro aripo ekuvandudza kwakachengeteka?
    A1.1: Cisco Servers anonamatira kuCisco Secure Development Lifecycle (CSDL):
    • Cisco inopa maitiro, maitiro, masisitimu ekuvandudza yakamisikidzwa chengetedzo pamaseva eCisco, kwete kungofukidza.
    • Yakazvitsaurira Cisco timu yekutyisidzira modhi / static ongororo paUCS Chigadzirwa Portfolio
    • Cisco Advanced Security Initiative Group (ASIG) inoita proactive kupinda bvunzo kuti vanzwisise kuti kutyisidzira kunouya sei uye kugadzirisa nyaya nekusimudzira HW & SW kuburikidza neCDETS uye engineering.
    • Yakazvitsaurira Cisco timu kuyedza uye kubata inobuda munjodzi uye kutaurirana sevanopa mazano ekuchengetedza kune vatengi
    • Zvese zvigadzirwa zvepasi zvinoenda kuburikidza nechigadzirwa chekuchengetedza baseline zvinodiwa (PSB) iyo inotonga zviyero zvekuchengetedza zveCisco zvigadzirwa
    • Cisco inoita Vulnerability/Protocol robustness bvunzo pane zvese zvinoburitswa UCS
  • Q 1.2: Sei maSED achikosha?
    A1.2: MaSED anoshandiswa kune data-at-rest encryption uye chinhu chinodiwa kune vakawanda, kana zvisiri zvese, federal, medical, uye masangano emari.

General Information Overview

  • Q 2.1: Chii chinonzi SEDs?
    A2.1: SED (Self-Encrypting Drives) ine yakakosha hardware iyo encrypts inouya data uye decrypts inobuda data munguva chaiyo-nguva.
  • Q 2.2: Ndeipi chiyero che encryption paHX?
    A2.2: Encryption paHX parizvino inoshandiswa muhardware yedata pakuzorora chete uchishandisa encrypted drives (SEDs). HX encryption iri cluster-wide. Yega yega VM encryption inobatwa neyechitatu bato software senge Hytrust kana Vormetric's pachena mutengi uye iri kunze kwechikamu cheHX mabasa. HX inotsigirawo kushandiswa kweVMware yekuzvarwa VM encryption yakaunzwa muvSphere 3. Kushandiswa kweVM encryption mutengi pamusoro peHX SED yakavakirwa encryption kuchaguma nekuvharirwa kaviri kwedata. HX kudzokorodza haina kuvharirwa uye inotsamira pane akavimbika network kana encrypted tunnel inotumirwa nemushandisi wekupedzisira.
  • Q 2.3: Ndeapi mazinga ekuteerera anosangana neHX encryption?
    A2.3: HX SED yakavharidzirwa madhiraivha inosangana neFIPS 140-2 level 2 zviyero kubva kune vanogadzira drive. HX Encryption pachikuva inosangana neFIPS 140-2 level 1 zviyero.
  • Q 2.4: Isu tinotsigira ese ari maviri HDD uye SSD yekunyorera?
    A2.4: Hongu tinotsigira ese HDD uye SSD SEDs kubva kuMicron.
  • Q 2.5: Ko sumbu reHX ringave rakavharika uye risiri-encrypted madhiraivha panguva imwe chete?
    A2.5: Manodhi ese ari musumbu anofanirwa kunge ari mayunifomu (SEDs kana asiri-SEDs)
  • Q 2.6: Ndeapi makiyi ari kushandiswa kune SED uye anoshandiswa sei?
    A2.6: Pane makiyi maviri ari kushandiswa kune yega yega SED. Iyo Media Encryption Key (MEK) inonziwo Disk Encryption Key (DEK), inodzora encryption uye decryption yedata kudhisiki uye inochengetedzwa uye inogadziriswa muhardware. Kiyi Encryption Key (KEK) inochengetedza DEK/MEK uye inochengetwa mune imwe nzvimbo kana kure kure.
  • Q 2.7: Makiyi anogara aripo mundangariro here?
    A2.7: Encryption makiyi haatombovepo mune node memory
  • Q 2.8: Kuita kunokanganiswa sei neiyo encryption/decryption process?
    A2.8: Disk encryption/decryption inobatwa mudhiraivha hardware. Yakazara system performance haina kukanganiswa uye haisi pasi pekurwiswa kwakanangana nezvimwe zvikamu zvehurongwa
  • Q 2.9: Kunze kwekunyorera pakuzorora, ndezvipi zvimwe zvikonzero zvekushandisa maSED?
    A2.9: SEDs inogona kuderedza dhiraivha retirement uye redeployment mutengo kuburikidza nekukasira cryptographic erasure. Ivo zvakare vanoshanda kutevedzera hurumende kana indasitiri mirau yekuvanzika kwedata. Imwe advantage ndiyo njodzi yakaderedzwa yekubira dhisiki uye node kuba sezvo data, kana hardware yabviswa kubva kune ecosystem, haiverengeki.
  • Q2.10: Chii chinoitika nekudonhedza uye kudzvanywa nemaSED? Chii chinoitika ne 3rd bato software-based encryption?
    A2.10: Kudhirowa uye kudzvanywa neSEDs paHX inochengetwa sezvo data pakuzorora encryption inoitika sedanho rekupedzisira mukunyora maitiro. Deduplication uye compression zvakatoitika. Iine 3rd bato software-yakavakirwa encryption zvigadzirwa, maVM anodzora encryption yavo uye anopfuura encrypted anonyora kune hypervisor uyezve HX. Sezvo izvi zvinyorwa zvakatovharwa, hazvitorerwe kana kumanikidzwa. HX Software Yakavakirwa Encryption (mune 5.x codeline) ichave software encryption mhinduro iyo inoshandiswa musheki mushure mekunyora optimizations (kubvisa uye kudzvanya) kwaitika saka bhenefiti ichachengetwa mune iyo kesi.

Mufananidzo uri pasi apa waperaview yekuitwa kweSED neHX.CISCO-HyperFlex-HX-Data-Platform-1

Drive Details 

  • Q 3.1: Ndiani anogadzira madhiraivha akavharidzirwa anoshandiswa muHX?
    A3.1: HX inoshandisa madhiraivha anogadzirwa naMicron: Micron-yakatarwa magwaro akabatanidzwa muchikamu chemagwaro anotsigira cheiyi FAQ.
  • Q 3.2: Tinotsigira chero maSED asingaenderane neFIPS?
    A3.2: Isu tinotsigirawo mamwe madhiraivha asiri-FIPS, asi anotsigira SED (TCGE).
  • Q 3.3: Chii chinonzi TCG?
    A3.3: TCG ndiyo Yakavimbika Computing Boka, iyo inogadzira uye inogadzirisa iyo yakatarwa chiyero cheyakavharidzirwa kuchengetedza data
  • Q 3.4: Chii chinonzi bhizinesi-kirasi chengetedzo kana zvasvika kune SAS SSDs yenzvimbo yedata? Ndeapi maficha ane madhiraivha aya anochengetedza kuchengetedzwa uye kudzivirira kubva pakurwiswa?
    A3.4:     Rondedzero iyi inopfupikisa mabhizinesi-kirasi maficha eiyo maSED anoshandiswa muHX uye nemabatiro aanoita kune TCG standard.
    1. Self-encrypting drives (SEDs) inopa kuchengetedzeka kwakasimba kwedata pakuzorora pane yako SED, kudzivirira kusingatenderwe kuwana data. The Trusted Computing Group (TCG) yakagadzira rondedzero yezvimiro uye mabhenefiti ekuzvivharira ega madhiraivha eese maHDD uye SSD. Iyo TCG inopa chiyero chinonzi TCG Enterprise SSC (Security Subsystem Kirasi) uye yakatarisana nedata pakuzorora. Izvi zvinodikanwa kune ese maSED. Iyo fungidziro inoshanda kumidziyo yekuchengetedza data uye zvinodzora zvinoshanda mukuchengetedza bhizinesi. Rondedzero yacho inosanganisira:
      • Kujeka: Hapana sisitimu kana shanduko yekushandisa inodiwa; encryption kiyi inogadzirwa nedhiraivha pachayo, uchishandisa pane-bhodhi yechokwadi random nhamba jenareta; drive inogara ichinyora.
      • Kureruka kwekutungamira: Hapana encryption kiyi yekugadzirisa; software vatengesi vanoshandisa yakamisikidzwa interface kubata SEDs, kusanganisira kure manejimendi, pre-boot authentication, uye password kudzoreredza.
      • Mutengo wekubvisa kana kurongazve: NeSED, dzima pabhodhi encryption kiyi
      • Re-encryption: NeSED, hapana chikonzero chekumbonyora zvakare data
      • Kuita: Hapana kuderedzwa muSED kuita; hardware-based
      • Standardization: Yese dhiraivha indasitiri iri kuvaka kune TCG/SED Madiro
      • Rakareruka: Hapana kukanganiswa nemaitiro ekumusoro
    2. SSD SEDs inopa ndiko kugona kudzima dhiraivha. Izvi zvinoreva kuti murairo wakareruka wakatendeseka unogona kutumirwa kudhiraivha kuti uchinje 256-bit encryption kiyi yakachengetwa padhiraivha. Izvi zvinovimbisa kuti drive inopukutwa yakachena uye hapana data yasara. Kunyangwe iyo yekutanga host system haigone kuverenga iyo data, saka haigone kuverengeka neimwe nzira. Iko kuvhiyiwa kunongotora mashoma mashoma, kusiyana nemaminetsi akawanda kana kunyange maawa anotora kuita basa rakafanana pane isina kuvharwa HDD uye inodzivirira mutengo weanodhura HDD de-gaussing michina kana masevhisi.
    3. FIPS (Federal Information Processing Standard) 140-2 chiyero chehurumende yeUS chinotsanangura kuvharidzirwa uye zvine chekuita nekuchengetedza zvinodiwa izvo zvigadzirwa zveIT zvinofanirwa kusangana nazvo kuti zvishandiswe zvine hunyoro, asi zvisina kutsanangurwa. Izvi zvinowanzodiwa kumasangano ehurumende nemakambani ari mumasevhisi emari uye maindasitiri ehutano zvakare. Iyo SSD iyo iri FIPS-140-2 yakasimbiswa inoshandisa yakasimba kuchengetedza maitiro kusanganisira yakabvumidzwa encryption algorithms. Inotsanangurawo kuti vanhu kana mamwe maitiro anofanirwa kupihwa mvumo sei kuti vashandise chigadzirwa, uye kuti ma module kana zvikamu zvinofanirwa kugadzirwa sei kuti zvidyidzane zvakachengeteka nemamwe masisitimu. Asi izvo, chimwe chezvinodiwa zveFIPS-140-2 yakasimbiswa SSD drive ndeyekuti iSED. Ramba uchifunga kuti kunyangwe TCG isiri iyo yega nzira yekuwana yakasimbiswa encrypted drive, iyo TCG Opal uye Enterprise SSC zvimiro zvinotipa nhanho yekusimbisa FIPS. 4. Chimwe chinhu chakakosha Kurodha Kwakachengeteka uye Diagnostics. Iyi firmware ficha inochengetedza dhiraivha kubva pakurwiswa kwesoftware kuburikidza nedhijitari siginecha inovakwa muiyo firmware. Kana kudhawunirodha kuchidikanwa, siginecha yedhijitari inodzivirira kupinda kusingatenderwe kudhiraivha, ichidzivirira yekunyepedzera firmware kubva pakutakurwa kudhiraivha.

Hyperflex isa neSEDs

  • Q 4.1: Iyo yekuisa inobata sei kutumirwa kweSED? Pane cheki dzakakosha here?
    A4.1: Iyo yekuisa inotaurirana neUCSM uye inova nechokwadi chekuti system firmware ndeyechokwadi uye inotsigirwa kune yakaonekwa hardware. Encryption kuenderana kunotariswa uye kusimbiswa (semuenzaniso, hapana kusanganiswa kweSED uye isiri-SED).
  • Q 4.2: Kutumirwa kwakasiyana here neimwe nzira?
    A4.2:     Iko kuisirwa kwakafanana neyakajairwa HX yekumisikidza, zvisinei, tsika yekufambisa haina kutsigirwa maSED. Kuvhiya uku kunoda zvitupa zveUCSM zvemaSED zvakare.
  • Q 4.3: Marezenisi anoshanda sei ne encryption? Pane chimwe chinhu chokuwedzera chinoda kuva panzvimbo here?
    A4.3: SED hardware (yakarongedzerwa kubva kufekitari, kwete retrofit) + HXDP 2.5 + UCSM (3.1(3x)) ndizvo chete zvinhu zvinodiwa kuti encryption ishande nekiyi manejimendi. Iko hakuna yekuwedzera rezinesi kunze kweiyo base HXDP kunyorera inodikanwa mukuburitswa kwe2.5.
  • Q 4.4: Chii chinoitika kana ndine SED system ine madhiraivha asisipo? Ndingawedzera sei sumbu iri?
    A4.4: Pese patinenge tine chero PID iri kuguma-kwe-hupenyu kubva kune vatinogovera, isu tine inotsiva PID inoenderana neiyo yekare PID. Iyi inotsiva PID inogona kushandiswa kuRMA, kuwedzera mukati me node, uye kuwedzera kwesumbu (ine node nyowani). Nzira dzese dzinotsigirwa, zvisinei, dzingangoda kukwidziridzwa kune imwe kuburitswa iyo inotaridzwawo mune shanduko yekuburitsa manotsi.

Key Management

  • Q 5.1: Chii chinonzi Key Management?
    A5.1: Kiyi manejimendi ndiwo mabasa anosanganisirwa nekudzivirira, kuchengetedza, kutsigira uye kuronga encryption makiyi. HX inoshandisa izvi muUCSM-centric policy.
  • Q 5.2: Ndeipi nzira inopa tsigiro yekumisikidza kiyi?
    A5.2: UCSM inopa rutsigiro kugadzirisa makiyi ekuchengetedza.
  • Q 5.3: Ndeupi rudzi rwehutungamiri hunokosha huripo?
    A5.3: Kutonga kwenzvimbo kwemakiyi kunotsigirwa, pamwe chete nebhizinesi-kirasi kure kiyi manejimendi ine 3rd bato kiyi manejimendi maseva.
  • Q 5.4: Ndivanaani vari kure kiyi manejimendi vanobatana?
    A5.4: Isu parizvino tinotsigira Vormetric uye Gemalto (Safenet) uye inosanganisira kuwanikwa kwepamusoro (HA). HyTrust iri mukuyedza.
  • Q 5.5: Kutungamira kiyi yekure kunoitwa sei?
    A5.5: Remote kiyi manejimendi inobatwa kuburikidza neKMIP 1.1.
  • Q 5.6: Kutungamira kwenzvimbo kunogadziriswa sei?
    A5.6: Kiyi yekuchengetedza (KEK) inogadziriswa muHX Connect, zvakananga nemushandisi.
  • Q 5.7: Remote management inogadziriswa sei?
    A5.7: Iyo kure kiyi manejimendi (KMIP) server kero ruzivo pamwe chete nemagwaro ekupinda inogadziriswa muHX Batanidza nemushandisi.
  • Q 5.8: Ndeipi chikamu cheHX chinotaurirana neKMIP server kuti igadziriswe?
    A5.8:     Iyo CIMC pane imwe neimwe node inoshandisa ruzivo urwu kubatana neKMIP server uye kutora kiyi yekuchengetedza (KEK) kubva mairi.
  • Q 5.9: Ndeapi marudzi eSitifiketi anotsigirwa muchizvarwa chakakosha / kudzorera / kugadzirisa?
    A5.9:     CA-akasaina uye akazvisaina zvitupa zvese zvinotsigirwa.
  • Q 5.10: Ndeapi mafambiro ebasa anotsigirwa neiyo encryption maitiro?
    A5.10:     Chengetedza / usadzivirira uchishandisa password password inotsigirwa pamwe neyemuno kuenda kure kure kiyi manejimendi shanduko. Re-key mashandiro anotsigirwa. Chengetedza disk erase operation inotsigirwawo.

Mushandisi Wekushanda: Yemunharaunda

  • Q 6.1: MuHX Batanidza, papi pandinomisa manejimendi ekiyi yenzvimbo?
    A6.1: Mune Encryption dashboard sarudza bhatani rekugadzirisa uye tevera wizard.
  • Q 6.2: Chii chandinofanira kunge ndakagadzirira kuenda kuti nditange izvi?
    A6.2: Iwe unozofanirwa kupa 32-mavara ekuchengetedza passphrase.
  • Q 6.3: Chii chinoitika kana ndichida kuisa SED itsva?
    A6.3: MuUCSM iwe uchafanirwa kugadzirisa iyo yekuchengetedza mutemo wenzvimbo uye kuseta kiyi yakatumirwa kune iripo node kiyi.
  • Q 6.4: Chii chinoitika kana ndikaisa dhisiki idzva?
    A6.4: Kana kiyi yekuchengetedza padhisiki ichienderana neye server (node) inongovhurwa otomatiki. Kana makiyi ekuchengetedza akasiyana, diski icharatidza se "Yakavharwa". Unogona kudzima dhisiki kudzima data rese kana kuivhura nekupa kiyi chaiyo. Ino inguva yakanaka yekubatana neTAC.

Mushandisi Wekushanda: Kure

  • Q 7.1: Ndezvipi zvimwe zvinhu zvandinofanira kutarisa neremote key management gadziriro?
    A7.1: Kukurukurirana pakati pesumbu neKMIP server(s) kunoitika pamusoro peCIMC pane imwe neimwe node. Izvi zvinoreva kuti zita rekutambira rinogona kushandiswa kuseva yeKMIP chete kana Inband IP kero uye DNS yakagadziridzwa pane manejimendi eCIMC.
  • Q 7.2: Chii chinoitika kana ndichida kutsiva kana kuisa SED itsva?
    A7.2: Iyo cluster ichaverenga identifier kubva dhisiki uye edza kuivhura iyo yega. Kana kuvhura otomatiki kukatadza, dhisiki rinouya se "rakakiyiwa" uye mushandisi anofanira kuvhura dhisiki nemaoko. Iwe unozofanirwa kukopa zvitupa kuKMIP server (s) yeruzivo rwekuchinjana.
  • Q 7.3: Ndinokopa sei zvitupa kubva musumbu kuenda kune KMIP server(s)?
    A7.3:     Pane nzira mbiri dzekuita izvi. Unogona kukopa chitupa kubva kuBMC kuenda kuKMIP server zvakananga kana unogona kushandisa CSR kuwana chitupa chakasainwa neCA uye kukopa chitupa chakasainwa neCA kuBMC uchishandisa mirairo yeUCSM.
  • Q 7.4: Ndedzipi pfungwa dziripo dzekuwedzera encrypted nodes kune cluster inoshandisa kure kure key management?
    A7.4: Paunenge uchiwedzera mauto matsva kuKMIP server(s), zita rekutambira rinoshandiswa rinofanira kunge riri serial nhamba yeserver. Kuti utore setifiketi yeKMIP server, unogona kushandisa bhurawuza kuti utore midzi chitupa cheKMIP server(s).

Mushandisi Wekushanda: Zvakawanda

  • Q 8.1: Ndinodzima sei dhisiki?
    A8.1: MuHX Batanidza dashboard, sarudza iyo system ruzivo view. Kubva ipapo unogona kusarudza dhisiki yega yega yekudzima yakachengeteka.
  • Q 8.2: Ko kana ndikadzima dhisiki netsaona?
    A8.2: Kana kudzima kwakachengeteka kunoshandiswa iyo data inoparadzwa zvachose
  • Q 8.3: Chii chinoitika kana ndichida kubvisa node kana kupatsanura sevhisi profile?
    A8.3: Hapana chimwe chezviito izvi chichabvisa encryption pane dhisiki / controller.
  • Q 8.4: Ko encryption inoremara sei?
    A8.4: Mushandisi anofanira kudzima zvakajeka encryption muHX Connect. Kana mushandisi akaedza kudzima mutemo wekuchengetedza muUCSM kana sevha yakabatana yakachengetedzwa, UCSM icharatidza kutadza-kutadza uye kusatendera chiito. Chengetedzo policy inofanira kutanga yavharwa.

Mushandisi Wekushanda: Certificate Management

  • Q 9.1: Zvitupa zvinobatwa sei panguva yekuseta manejimendi?
    A9.1: Zvitifiketi zvinogadzirwa uchishandisa HX Batanidza uye iri kure KMIP server(s). Zvitupa kana zvangogadzirwa hazvizombofa zvakadzimwa.
  • Q 9.2: Ndedzipi zvitupa zvandingashandisa?
    A9.2: Unogona kushandisa zvitupa zvekuzvisaina kana zvitupa zveCA. Iwe unofanirwa kusarudza panguva yekugadzirisa. ZveCA zvitupa zvakasaina iwe unoburitsa seti yeSitifiketi Kusaina Zvikumbiro (CSRs). Zvitupa zvakasainwa zvinoiswa kune KMIP server(s).
  • Q 9.3: Nderipi zita remugamuchiri wandinofanira kushandisa kana ndichigadzira zvitupa?
    A9.3: Zita remugamuchiri rinoshandiswa kugadzira chitupa rinofanira kunge riri Nhamba yeSeri yeseva.

Firmware Dzokorora

  • Q 10.1: Pane zvirambidzo here pakuvandudza disk firmware?
    A10.1: Kana iyo encryption-inokwanisa drive ikaonekwa, chero dhisiki firmware shanduko haizotenderwe kune iyo dhisiki.
  • Q 10.2: Pane here zvirambidzo pakusimudzira UCSM firmware?
    A10.2: Kudzika kweUCSM/CIMC kuenda kupre-UCSM 3.1(3x) kunorambidzwa kana paine mutongi ari munzvimbo yakachengetedzwa.

Chengetedza Erase Details

  • Q 11.1: Chii chinonzi Chengetedza Erase?
    A11.1: Chengetedza kudzima ndiko kudzima kwekare kwe data pane drive (pukuta yedhisiki encryption kiyi). Izvi zvinoreva kuti murairo wakareruka wakatendeseka unogona kutumirwa kudhiraivha kuti uchinje 256-bit encryption kiyi yakachengetwa padhiraivha. Izvi zvinovimbisa kuti drive inopukutwa yakachena uye hapana data yasara. Kunyangwe iyo yekutanga host system haigone kuverenga iyo data saka haigone kuverengeka neimwe system. Kuvhiya kwacho kunongotora masekonzi mashoma, kusiyana nemaminetsi akawanda kana maawa anotora kuita basa rakafanana nedhisiki risina kuvharwa uye kudzivirira mutengo wemidziyo inodhura yekubvisa kana masevhisi.
  • Q 11.2: Kudzima kwakachengeteka kunoitwa sei?
    A11.2: Uku ndiko kushanda kweGUI kunoitwa dhiraivha imwe panguva.
  • Q 11.3: Kudzima kwakachengeteka kunowanzoitwa riini?
    A11.3: Mushandisi-akatangwa akachengeteka kudzima kweimwe dhisiki ibasa risingawanzo. Izvi zvinonyanya kuitwa kana iwe uchida kubvisa mumuviri dhisiki kuti ritsive, kuendesa kune imwe node, kana kudzivirira kutadza kwepedyo-mberi.
  • Q 11.4: Ndezvipi zvirambidzo zviripo pakudzimwa kwakachengeteka?
    A11.4: Chengetedza erase mashandiro anogona kuitwa chete kana cluster iine hutano kuti ive nechokwadi chekuti kutadza kusimba kwechikwata hakukanganiswe.
  • Q 11.5: Chii chinoitika kana ndichida kubvisa node yose?
    A11.5: Kune node bvisa uye node inotsiva workflows kutsigira kudzima kwakachengeteka kwese madhiraivha. Ona gwairo rekutonga kuti uwane ruzivo kana bvunza Cisco TAC.
  • Q 11.6: Ko dhisiki rakadzimwa zvakachengeteka ringashandiswazve here?
    A11.6: Dhisiki rakadzimwa zvakachengeteka rinogona kushandiswa zvakare mune rimwe sumbu rakasiyana chete. Kudzimwa kwakachengeteka kweSED kunoitwa nekupukuta dhisiki encryption kiyi (DEK). Iyo data iri mudhisiki haigone kuderedzwa pasina DEK. Izvi zvinokutendera kuti ushandise zvakare kana kubvisa dhisiki pasina kukanganisa kweiyo data.
  • Q 11.7: Chii chinoitika kana dhisiki randinoda kudzima riine yekupedzisira kopi yekutanga yedata ye cluster?
    A11.7: Iyo data iri pa diski inofanira kunge iine mamwe makopi musumbu kudzivirira kurasikirwa kwedata. Nekudaro, kana kudzima kwakachengeteka kwakakumbirwa padhisiki inova iyo yekupedzisira yekutanga kopi, ipapo oparesheni iyi icharambwa kusvika pane imwe kopi iripo. Rebalance inofanira kunge ichiita kopi iyi kumashure.
  • Q 11.8: Ini ndinoda chaizvo kudzima dhisiki, asi cluster haina hutano. Ndingazviita sei?
    A11.8: Mutsara wekuraira (STCLI/HXCLI) uchabvumira kudzima kwakachengeteka kana chisumbu chisina hutano uye dhisiki haina kopi yekupedzisira yekutanga, kana zvisina kudaro inorambidzwa.
  • Q 11.9: Ndingadzima sei node yese zvakachengeteka?
    A11.9: Ichi chiitiko chisingawanzoitiki. Chengetedza kudzima kwese dhisiki mune node kunoitwa kana munhu achida kubvisa node kubva musumbu. Chinangwa ndechekuisa node mune imwe sumbu kana kubvisa iyo node. Tinogona kurongedza kubviswa kwenode mune ino mamiriro nenzira mbiri dzakasiyana:
    1. Chengetedza kudzima madhisiki ese pasina kudzima encryption
    2. Chengetedza dzima madhisiki ese anoteverwa nekudzima encryption yeiyo node (uye disks). Ndokumbira ubate Cisco TAC kuti ubatsirwe.

Chengetedza Kuwedzera kweCluster

  • Q 12.1: Ndeupi rudzi rwenode yandinogona kuwedzera sumbu rakavharidzirwa naro?
    A12.1: Chete SED-anokwanisa node anogona kuwedzerwa kuHX Cluster ine maSED.
  • Q 12.2: Kuwedzera nehutungamiri hwekiyi hwemunharaunda kunoitwa sei?
    A12.2: Kuwedzera kiyi yenzvimbo ibasa risina musono pasina gadziriso yekunze inodiwa.
  • Q 12.3: Kuwedzeredzwa nehuremu kiyi manejimendi inobatwa sei?
    A12.3: Remote kiyi yekuwedzera inoda lockstep ine zvitupa / kiyi manejimendi zvivakwa:
    • Zvitupa zvinodiwa kuti uwedzere node itsva zvakachengeteka
    • Iyo Deployment icharatidza yambiro ine matanho ekuenderera mberi kusanganisira chinongedzo chekurodha chitupa
    • Mushandisi anotevera matanho ekurodha zvitupa (s) uye ozoedzazve kutumira

Mapepa Anotsigira

Micron:

FIPS

CDETS:

  • Chirongwa: CSC.nuova Chigadzirwa: ucs-blade-server Chikamu: ucsm

SED Functional Specification:

  • EDCS: 1574090

SED CIMC Tsanangudzo:

Mailing List:

Zvinyorwa / Zvishandiso

CISCO HyperFlex HX Data Platform [pdf] Mirayiridzo
HyperFlex HX Data Platform, HyperFlex, HX Data Platform, Data Platform, Platform

References

Related Posts

Siya mhinduro

Yako email kero haizoburitswa. Nzvimbo dzinodiwa dzakamakwa *