I-CISCO HyperFlex HX Data Platform

Ulwazi Lomkhiqizo

• Igama Lomkhiqizo: Ukubethelwa Kokuphepha kwe-HX
• Inguqulo: I-HXDP 5.01b
• Isixazululo Sokubethela: Isixazululo esisekelwe kwisofthiwe sisebenzisa i-Intersight Key Manager
• Uhlobo Lokubhala Ngemfihlo: Amadrayivu Okuzibethela (ama-SED)
• Izinhlobo ZeDrayivu Ezisekelwe: Ama-HDD nama-SSD ama-SED avela ku-Micron
• Amazinga Okuthobela: I-FIPS 140-2 ileveli 2 (abakhiqizi bezimoto) kanye ne-FIPS 140-2 ileveli 1 (inkundla)
• Ukubethela kwe-Cluster-Wide: Ukubethela ku-HX kufakwa ku-hardware ukuze uthole idatha ekuphumuleni kusetshenziswa ama-SED kuphela
• Ukubethela kwe-VM ngakunye: Iphathwa isofthiwe yenkampani yangaphandle efana ne-Hytrust noma iklayenti elisobala le-Vormetric
• Ukubethela kwe-VMware Native VM: Isekelwa i-HX ukuze isetshenziswe ngokubethela kwe-SED
• Ukuphathwa Okubalulekile: Ukhiye Wokubethela Wemidiya (MEK) kanye Nokhiye Wokubethela Ukhiye (KEK) asetshenziselwa i-SED ngayinye
• Ukusetshenziswa Kwenkumbulo: Okhiye bokubethela abakaze babe khona kumemori yenodi
• Umthelela Wokusebenza: Ukubethela kwediski/ukukhishwa kwemfihlo kuphathwa kuhadiwe yedrayivu, ukusebenza kohlelo lonke akuthinteki
• Izinzuzo ezengeziwe zama-SED:
  • Ukusulwa kwe-cryptographic ngokushesha kwezindleko ezincishisiwe zokuthatha umhlalaphansi nokuthunyelwa kabusha
  • Ukuhambisana nemithetho kahulumeni noma yemboni yobumfihlo bedatha
  • Ingcuphe yokwebiwa kwediski kanye nokwebiwa kwamanodi njengoba idatha ingafundeki lapho izingxenyekazi zekhompyutha sezisusiwe

Imiyalo yokusetshenziswa komkhiqizo

Ukuze usebenzise i-HX Security Encryption, landela le miyalelo:

1. Qinisekisa ukuthi isistimu yakho isekela ukubethela okusekelwe kuhadiwe noma ukuthi ukhetha isisombululo esisekelwe kusofthiwe usebenzisa Isiphathi Sekhiye se-Intersight.
2. Bheka kumadokhumenti okuphatha noma amaphepha amhlophe ukuze uthole ulwazi mayelana nokubethela okusekelwe kwisofthiwe.
3. Uma ukhetha ukusebenzisa ukubethela okusekelwe ku-hardware-based ngama-SED, qiniseka ukuthi iqoqo lakho le-HX liqukethe amanodi afanayo (ama-SED noma angewona ama-SED).
4. Kuma-SED, qonda ukuthi kunokhiye ababili abasetshenziswayo: Ukhiye Wokubethela Wemidiya (MEK) kanye Nokhiye Wokubethela ongukhiye (KEK).
5. I-MEK ilawula ukubethelwa kanye nokukhishwa kwemfihlo kwedatha kudiski futhi ivikelekile futhi ilawulwa kuhadiwe.
6. I-KEK ivikela i-MEK/DEK futhi igcinwa esitolo sokhiye sasendaweni noma esikude.
7. Ungakhathazeki ngokhiye abakhona kumemori yenodi, njengoba okhiye bokubethela abalokothi bagcinwe lapho.
8. Qaphela ukuthi ukubethela kwediski/ukukhipha ukubethela kuphathwa kuhadiwe yedrayivu, okuqinisekisa ukuthi ukusebenza kohlelo lonke akuthinteki.
9. Uma unezidingo ezithile zezindinganiso zokuthobela imithetho, qaphela ukuthi amadrayivu abethelwe e-HX SED ahlangabezana nezindinganiso ze-FIPS 140-2 level 2 ezivela kubakhiqizi bamadrayivu, kuyilapho Ukubethela kwe-HX endaweni kuhlangabezana nezindinganiso ze-FIPS 140-2 level 1.
10. Uma udinga ukubethela ama-VM angawodwana, cabanga ukusebenzisa isofthiwe yenkampani yangaphandle njenge-Hytrust noma iklayenti elisobala le-Vormetric. Kungenjalo, ungasebenzisa ukubethela kwe-VM komdabu kwe-VMware okwethulwe ku-vSphere 3.
11. Khumbula ukuthi ukusebenzisa iklayenti lokubethela le-VM ngaphezulu kokubethela okusekelwe ku-HX SED kuzophumela ekubethelweni okukabili kwedatha.
12. Qinisekisa ukuthi iqoqo lakho le-HX lixhunywe ngamanethiwekhi athembekile noma amahubhu abethelwe ukuze aphindaphindeke ngokuvikelekile, njengoba ukuphindaphinda kwe-HX akubetheliwe.

I-HX Security Encryption FAQ

Kusukela nge-HXDP 5.01b, i-HyperFlex inikeza isixazululo esisekelwe ku-software kusetshenziswa i-Intersight Key Manager kumasistimu okungenzeka angakusekeli ukubethela okusekelwe ku-hardware noma kubasebenzisi abafisa lokhu kusebenza kuzixazululo zehadiwe. Le FAQ igxile kuphela kuzixazululo zehadiwe ezisekelwe ku-SED zokubethela kwe-HX. Bona amadokhumenti okuphatha noma amaphepha amhlophe ukuze uthole ulwazi lokubethela okusekelwe kusofthiwe.

Isitatimende Sokuchema
Amadokhumenti asethelwe lo mkhiqizo alwela ukusebenzisa ulimi olungachemi. Ngezinjongo zale sethi yamadokhumenti, ukungakhethi kuchazwa njengolimi olungasho ukucwasa okusekelwe eminyakeni yobudala, ukukhubazeka, ubulili, ukuhlonza uhlanga, ukuhlonza ubuzwe, ukukhetha ubulili, isimo senhlalo-mnotho, kanye nokuhlangana kwemigwaqo. Okuhlukile kungase kube khona kumadokhumenti ngenxa yolimi olunekhodi eqinile endaweni yomsebenzisi yesofthiwe yomkhiqizo, ulimi olusetshenziswa ngokusekelwe kumadokhumenti asezingeni, noma ulimi olusetshenziswa umkhiqizo wezinkampani zangaphandle okubhekiselwe kuwo.

Kungani i-Cisco Yezokuphepha kanye ne-HX Encryption 

• Q 1.1: Yiziphi izinqubo ezikhona zokuthuthukiswa okuphephile?
  A 1.1: Amaseva e-Cisco abambelela ku-Cisco Secure Development Lifecycle (CSDL):
  • I-Cisco ihlinzeka ngezinqubo, izindlela, izinhlaka zokuthuthukisa ukuphepha okushumekiwe kumaseva e-Cisco, hhayi nje imbondela.
  • Ithimba elizinikele le-Cisco lokumodela okusongelayo/ukuhlaziya okumile kuphothifoliyo yomkhiqizo we-UCS
  • I-Cisco Advanced Security Initiative Group (ASIG) yenza ukuhlola kokungena ngokushesha ukuze iqonde ukuthi izinsongo zingena kanjani futhi zilungise izinkinga ngokuthuthukisa i-HW & SW ngama-CDETS nobunjiniyela.
  • Ithimba elizinikele le-Cisco ukuhlola nokusingatha ubungozi obuphumayo kanye nokuxhumana njengabeluleki bezokuphepha kumakhasimende
  • Yonke imikhiqizo engaphansi idlula ezimfuneko eziyisisekelo zokuphepha komkhiqizo (PSB) ezilawula izindinganiso zokuphepha zemikhiqizo ye-Cisco
  • I-Cisco yenza ukuhlola kokuqina kwe-Vulnerability/Protocol kukho konke ukukhishwa kwe-UCS
• Q 1.2: Kungani i-SED ibalulekile?
  A 1.2: Ama-SED asetshenziselwa ukubethela kwedatha-at-rest futhi ayimfuneko kwabaningi, uma kungezona zonke, izikhungo zefederal, medical, kanye nezezimali.

Ulwazi Olujwayelekile Ngaphezuluview

• Q 2.1: Ayini ama-SED?
  A 2.1: I-SED (Amadrayivu Okuzibethela) anezingxenyekazi zekhompyutha ezikhethekile ezibethela idatha engenayo futhi zisuse ukubethela idatha ephumayo ngesikhathi sangempela.
• Q 2.2: Ingakanani ububanzi bokubethela ku-HX?
  A 2.2: Ukubethela ku-HX okwamanje kusetshenziswa ku-hardware ukuze uthole idatha ekuphumuleni kusetshenziswa amadrayivu abethelwe (SEDs). Ukubethela kwe-HX kubanzi ngeqoqo. Ukubethela kwe-VM komuntu ngamunye kuphathwa isofthiwe yenkampani yangaphandle njenge-Hytrust noma iklayenti esobala le-Vormetric futhi ingaphandle kobubanzi bezibopho ze-HX. I-HX futhi isekela ukusetshenziswa kokubethela kwe-VM komdabu kwe-VMware okwethulwe ku-vSphere 3. Ukusetshenziswa kweklayenti lokubethela le-VM ngaphezulu kokubethela okusekelwe ku-HX SED kuzoholela ekubethelweni okuphindwe kabili kwedatha. Ukuphindaphinda kwe-HX akubethelwe futhi kuncike kumanethiwekhi athembekile noma imigudu ebethelwe efakwe umsebenzisi wokugcina.
• Q 2.3: Yiziphi izindinganiso zokuthobela ezihlangatshezwana nokubethela kwe-HX?
  A 2.3: Amadrayivu abethelwe we-HX SED ahlangabezana nezindinganiso ze-FIPS 140-2 level 2 ezivela kubakhiqizi bamadrayivu. Ukubethela kwe-HX endaweni kuhlangabezana nezindinganiso ze-FIPS 140-2 level 1.
• Q 2.4: Ingabe sisekela kokubili i-HDD ne-SSD ekubetheleni?
  A 2.4: Yebo sisekela kokubili i-HDD ne-SSD SEDs evela kwaMicron.
• Q 2.5: Ingabe iqoqo le-HX lingaba namadrayivu abethelwe nangabhaliwe ngesikhathi esisodwa?
  A 2.5: Wonke ama-node ku-cluster kumele afane (ama-SED noma angewona ama-SED)
• Q 2.6: Yiziphi izikhiye ezisetshenziswa ku-SED futhi zisetshenziswa kanjani?
  A 2.6: Kukhona okhiye ababili abasetshenziswayo ku-SED ngayinye. I-Media Encryption Key (MEK) ebizwa nangokuthi i-Disk Encryption Key (DEK), ilawula ukubethela nokukhishwa kwedatha kudiski futhi ivikelwe futhi iphathwe kuhadiwe. Ukhiye Wokubethela Ukhiye (KEK) uvikela i-DEK/MEK futhi ugcinwa kusitolo sokhiye sasendaweni noma esikude.
• Q 2.7: Ingabe okhiye bake baba khona enkumbulweni?
  A 2.7: Okhiye bokubethela abakaze babe khona kumemori yenodi
• Q 2.8: Ukusebenza kuthintwa kanjani inqubo yokubethela/yokukhipha ukubethela?
  A 2.8: Ukubethela kwediski/ukukhipha ukubethela kuphathwa kuhadiwe yedrayivu. Ukusebenza kwesistimu sekukonke akuthinteki futhi akukho ngaphansi kokuhlaselwa okuqondiswe kwezinye izingxenye zesistimu
• Q 2.9: Ngaphandle kokubethela lapho uphumule, yiziphi ezinye izizathu zokusebenzisa ama-SED?
  A 2.9: Ama-SED anganciphisa izindleko zokuthatha umhlalaphansi nezindleko zokuphinda zisetshenziswe ngokucishwa kwe-cryptographic ngokushesha. Futhi zisebenzela ukuthobela imithetho kahulumeni noma yemboni yobumfihlo bedatha. Enye i-advantage ingozi encishisiwe yokuntshontshwa kwediski kanye nokwebiwa kwenodi njengoba idatha, uma i-hardware isikhishiwe ku-ecosystem, ayifundeki.
• Q2.10: Kwenzakalani ngokudonswa kanye nokucindezelwa ngama-SED? Kwenzekani ngokubethela okususelwe kusofthiwe yenkampani yangaphandle?
  A2.10: Ukukhipha kabili nokuminyanisa ngama-SED ku-HX kugcinwa njengoba idatha ekuphumuleni ukubethela kwenzeka njengesinyathelo sokugcina senqubo yokubhala. Ukuncishiswa nokucindezelwa sekuvele kwenzeka. Ngemikhiqizo yokubethela esekelwe kuhlelo lwesofthiwe yenkampani yangaphandle, ama-VM aphatha ukubethela kwawo futhi adlulise abhalela i-hypervisor bese kulandela i-HX. Njengoba lokhu kubhala sekuvele kubethelwe, akuqediwe noma kucindezelwe. I-HX Software Based Encryption (ku-codeline engu-3.x) izoba yisixazululo sesofthiwe sokubethela esisetshenziswa esitakini ngemva kokuthuthukiswa kokubhala (ukuphindaphinda nokuminyanisa) ukuze inzuzo izogcinwa kuleso simo.

Isithombe esingezansi siphelileview ukuqaliswa kwe-SED nge-HX.

Imininingwane YeDrayivu 

• Q 3.1: Ubani owenza amadrayivu abethelwe asetshenziswa ku-HX?
  A 3.1: I-HX isebenzisa amadrayivu akhiqizwe iMicron: Amadokhumenti aqondene neMicron axhunywe esigabeni semibhalo esekelayo sale FAQ.
• Q 3.2: Ingabe siyawasekela noma imaphi ama-SED angahambisani ne-FIPS?
  A 3.2: Siphinde sisekele amanye amadrayivu angewona ama-FIPS, kodwa asekela i-SED (TCGE).
• Q 3.3: Iyini i-TCG?
  A 3.3: I-TCG iyi-Trusted Computing Group, edala futhi ilawule izinga lokucaciswa kokugcinwa kwedatha ebethelwe
• Q 3.4: Yini ethathwa njengokuphepha kwesigaba sebhizinisi uma kukhulunywa ngama-SAS SSD esikhungo sedatha? Yiziphi izici ezithile lawa madrayivu anazo eziqinisekisa ukuphepha nokuvikela ekuhlaselweni?
  A 3.4: Lolu hlu lufingqa izici ezisezingeni lebhizinisi zama-SED asetshenziswa ku-HX nokuthi ahlobana kanjani nezinga le-TCG.
  1. Amadrayivu azibhalayo (ama-SED) ahlinzeka ngokuvikeleka okuqinile kwedatha ekuphumuleni ku-SED yakho, avimbele ukufinyelela kwedatha okungagunyaziwe. I-Trusted Computing Group (TCG) ithuthukise uhlu lwezici nezinzuzo zamadrayivu azibhalayo kuwo womabili ama-HDD nama-SSD. I-TCG ihlinzeka ngezinga elibizwa ngokuthi i-TCG Enterprise SSC (Ikilasi Lesistimu Engaphansi Kokuphepha) futhi ligxile kudatha lapho uphumule. Lokhu kuyimfuneko yawo wonke ama-SED. Ukucaciswa kusebenza kumadivayisi okugcina idatha nezilawuli ezisebenza kusitoreji sebhizinisi. Uhlu luhlanganisa:
     • Ukubonisa ngale: Alukho uhlelo noma ukuguqulwa kohlelo oludingekayo; ukhiye wokubethela okhiqizwe idrayivu ngokwayo, kusetshenziswa ijeneretha yenombolo engahleliwe engaphakathi ebhodini; idrayivu ihlezi ibhala ngekhodi.
     • Ukuphatha kalula: Awukho ukhiye wokubethela ongawuphatha; abathengisi be-software basebenzisa isixhumi esibonakalayo esimisiwe ukuze baphathe ama-SED, okuhlanganisa nokuphathwa okukude, ukufakazela ubuqiniso bangaphambi kokuqaliswa, kanye nokutholwa kwephasiwedi
     • Izindleko zokulahla noma zokuphinda zenziwe kabusha: Nge-SED, sula ukhiye wokubethela osebhodini
     • Ukubethela kabusha: Nge-SED, asikho isidingo sokuphinda ubethele idatha
     • Ukusebenza: Akukho ukuwohloka ekusebenzeni kwe-SED; i-hardware-based
     • Ukumisa: Imboni yokushayela yonke yakhela i-TCG/SED Specifications
     • Okwenziwe lula: Akukho ukuphazamiseka kwezinqubo ezikhuphuka nomfula
  2. Ama-SED e-SED ahlinzeka ngekhono lokusula idrayivu nge-cryptographically. Lokhu kusho ukuthi umyalo olula oqinisekisiwe ungathunyelwa kudrayivu ukuze kushintshwe ukhiye wokubethela we-256-bit ogcinwe kudrayivu. Lokhu kuqinisekisa ukuthi idrayivu iyasulwa futhi ayikho idatha esele. Ngisho nesistimu yokusingatha yoqobo ayikwazi ukufunda idatha, ngakho-ke ngeke ifundeke ngokuphelele yinoma iyiphi enye isistimu. Umsebenzi uthatha amasekhondi ambalwa kuphela, ngokungafani namaminithi amaningi noma amahora amaningi awathathayo ukwenza umsebenzi ofana ne-HDD engabetheliwe futhi ugwema izindleko zemishini ebizayo ye-HDD yokususa igesi noma amasevisi.
  3. I-FIPS (Federal Information Processing Standard) 140-2 iyindinganiso kahulumeni wase-US echaza ukubethela kanye nezimfuneko zokuphepha ezihlobene okufanele imikhiqizo ye-IT ihlangabezane nazo ukuze zisetshenziswe ezibucayi, kodwa ezingafakwanga esigabeni. Lokhu kuvame ukuba yimfuneko kuma-ejensi kahulumeni kanye nezinkampani ezisezimbonini zezezimali kanye nezimboni zokunakekelwa kwezempilo. I-SSD eqinisekisiwe i-FIPS-140-2 isebenzisa izinqubo zokuphepha eziqinile ezihlanganisa ama-algorithms okubethela agunyaziwe. Iphinde icacise ukuthi abantu noma ezinye izinqubo kumele zigunyazwe kanjani ukuze kusetshenziswe umkhiqizo, nokuthi amamojula noma izingxenye kufanele zakhelwe kanjani ukuze zihlanganyele ngokuphephile namanye amasistimu. Eqinisweni, enye yezidingo zedrayivu ye-SSD eqinisekisiwe ye-FIPS-140-2 ukuthi iyi-SED. Khumbula ukuthi nakuba i-TCG kungeyona ukuphela kwendlela yokuthola idrayivu ebethelwe eqinisekisiwe, imininingwane ye-TCG Opal kanye ne-Enterprise SSC isinikeza isitebhisi sokuqinisekisa i-FIPS. 4. Esinye isici esibalulekile Ukulandwa Okuvikelekile kanye Nokuxilongwa. Lesi sici se-firmware sivikela ukushayela ekuhlaselweni kwesofthiwe ngokusebenzisa isiginesha yedijithali eyakhelwe ku-firmware. Uma okulandwayo kudingekile, isiginesha yedijithali ivimbela ukufinyelela okungagunyaziwe kudrayivu, ivimbela i-firmware yomgunyathi ukuthi ingalayishwa kudrayivu.

Faka i-Hyperflex ngama-SED

• Q 4.1: Isifaki sikuphatha kanjani ukuthunyelwa kwe-SED? Ingabe akhona amasheke akhethekile?
  A 4.1: Isifaki sixhumana ne-UCSM futhi siqinisekisa ukuthi i-firmware yesistimu ilungile futhi isekelwa ihadiwe etholiwe. Ukuhambisana nokubethela kuyahlolwa futhi kuyaphoqelelwa (isb, akukho ukuxutshwa kwe-SED nokungeyona i-SED).
• Q 4.2: Ingabe ukuthunyelwa kwehlukile ngenye indlela?
  A 4.2: Ukufakwa kuyafana nokufakwa kwe-HX okuvamile, nokho, ukuhamba komsebenzi ngokwezifiso akusekelwe kuma-SED. Lo msebenzi udinga ukuqinisekisa kwe-UCSM kuma-SED nawo.
• Q 4.3: Ilayisensi isebenza kanjani ngokubethela? Ingabe kukhona okungeziwe okudingeka kube khona?
  A 4.3: Izingxenyekazi zekhompuyutha ze-SED (ezi-odwe efekthri, hhayi ukubuyisela kabusha) + HXDP 2.5 + UCSM (3.1(3x)) ukuphela kwezinto ezidingekayo ukuze kunikwe amandla ukubethela ngokuphathwa kokhiye. Akukho ukulayisensa okwengeziwe ngaphandle kokubhaliselwe kwesisekelo kwe-HXDP okudingekayo ekukhishweni kwe-2.5.
• Q 4.4: Kwenzekani uma nginesistimu ye-SED enamadrayivu angasatholakali? Ngingalikhulisa kanjani leli qoqo?
  A 4.4: Noma nini lapho sine-PID ewukuphela kwempilo evela kubahlinzeki bethu, siba ne-PID emiselela ehambisana ne-PID endala. Le PID emiselela ingasetshenziselwa i-RMA, ukunwetshwa ngaphakathi kwendawo, kanye nokwandiswa kweqoqo (ngamanodi amasha). Zonke izindlela ziyasekelwa, nokho, zingadinga ukuthuthukela ekukhishweni okuthile okuphinde kukhonjwe kumanothi okukhishwa kwenguquko.

Ukuphatha Okubalulekile

• Q 5.1: Kuyini Ukuphathwa Okubalulekile?
  A 5.1: Ukuphatha okubalulekile kuyimisebenzi ehilelekile ekuvikeleni, ekugcinweni, ekusekeleni nasekuhleleni okhiye bokubethela. I-HX isebenzisa lokhu kunqubomgomo ye-UCSM-centric.
• Q 5.2: Iyiphi indlela ehlinzeka ngosekelo lokucushwa kokhiye?
  A 5.2: I-UCSM inikeza usekelo ukuze ulungiselele okhiye bokuphepha.
• Q 5.3: Iluphi uhlobo lokuphatha olubalulekile olukhona?
  A 5.3: Ukuphathwa kwasendaweni kokhiye kuyasekelwa, kanye nokuphathwa kokhiye wesilawuli kude sebhizinisi ngamaseva okhiye wokuphatha wenkampani yangaphandle.
• Q 5.4: Obani ozakwethu bokuphatha ababalulekile abakude?
  A 5.4: Okwamanje sisekela i-Vormetric ne-Gemalto (Safenet) futhi ihlanganisa ukutholakala okuphezulu (HA). I-HyTrust isekuhlolweni.
• Q 5.5: Ukuphathwa kokhiye okude kwenziwa kanjani?
  A 5.5: Ukuphathwa kokhiye wesilawuli kude kuphathwa nge-KMIP 1.1.
• Q 5.6: Ngabe ukuphathwa kwendawo kumiswa kanjani?
  A 5.6: Ukhiye wokuqinisekisa ubunikazi (KEK) ulungiselelwe ku-HX Connect, ngokuqondile ngumsebenzisi.
• Q 5.7: Ngabe ukuphathwa okukude kumiswa kanjani?
  A 5.7: Ulwazi lwekheli leseva lokuphathwa kokhiye okude (KMIP) kanye nemininingwane yokungena lulungiswa ku-HX Connect ngumsebenzisi.
• Q 5.8: Iyiphi ingxenye ye-HX exhumana neseva ye-KMIP ukuze icushwe?
  A 5.8: I-CIMC endaweni ngayinye isebenzisa lolu lwazi ukuze ixhume kuseva ye-KMIP futhi ithole ukhiye wokuqinisekisa ubunikazi (KEK) kuyo.
  
• Q 5.9: Yiziphi izinhlobo zezitifiketi ezisekelwayo kunqubo yokukhiqiza/ukubuyisa/yokuvuselela ukhiye?
  A 5.9: Izitifiketi ezisayiniwe nge-CA nezizisayinele zombili ziyasekelwa.
  
• Q 5.10: Yikuphi ukugeleza komsebenzi okusekelwa ngenqubo yokubethela?
  A 5.10: Vikela/ungavikeli usebenzisa iphasiwedi yangokwezifiso kusekelwa kanye nokuguqulwa kokulawula ukhiye wendawo ukuya kwesilawuli kude. Imisebenzi yokhiye kabusha iyasekelwa. Ukusebenza okuvikelekile kokusula kwediski nakho kuyasekelwa.
  

Ukuhamba komsebenzisi: Kwasendaweni

• Q 6.1: Ku-HX Connect, ngingamisa kuphi ukuphathwa kokhiye bendawo?
  A 6.1: Kudeshibhodi Yokubethela khetha inkinobho yokumisa bese ulandela iwizadi.
• Q 6.2: Yini okufanele ngibe sengilungile ukuze ngiqale lokhu?
  A 6.2: Uzodinga ukunikeza umushwana wokuphepha wezinhlamvu ezingu-32.
• Q 6.3: Kwenzekani uma ngidinga ukufaka i-SED entsha?
  A 6.3: Ku-UCSM uzodinga ukuhlela inqubomgomo yokuphepha yendawo futhi usethe ukhiye osetshenzisiwe kukhiye we-node okhona.
• Q 6.4: Kwenzekani uma ngifaka idiski entsha?
  A 6.4: Uma ukhiye wokuqinisekisa ubunikazi kudiski ufana noweseva (i-node) uyavuleka ngokuzenzakalelayo. Uma okhiye bokuvikela behlukile, idiski izovela njengokuthi “Ikhiyiwe”. Ungakwazi ukusula idiski ukuze ususe yonke idatha noma uyivule ngokunikeza ukhiye olungile. Lesi yisikhathi esihle sokuxhumana ne-TAC.

Ukuhamba komsebenzisi: Kude

• Q 7.1: Yiziphi ezinye izinto okufanele ngiziqaphele ngokucushwa kokhiye wesilawuli kude?
  A 7.1: Ukuxhumana phakathi kweqoqo kanye ne(ama)seva ye-KMIP kwenzeka phezu kwe-CIMC kunodi ngayinye. Lokhu kusho ukuthi igama lomethuleli lingasetshenziselwa iseva ye-KMIP kuphela uma ikheli le-Inband IP kanye ne-DNS kulungiselelwe kubaphathi be-CIMC.
• Q 7.2: Kwenzekani uma ngidinga ukufaka esikhundleni noma ukufaka i-SED entsha?
  A 7.2: Iqoqo lizofunda isihlonzi kudiski bese lizama ukuyivula ngokuzenzakalelayo. Uma ukuvula okuzenzakalelayo kwehluleka, idiski iza ngokuthi “ikhiyiwe” futhi umsebenzisi kufanele ayivule ngokwakhe idiski. Kuzodingeka ukopishele izitifiketi kumaseva we-KMIP ukuze uthole ukushintshaniswa kokuqinisekisa.
• Q 7.3: Ngizikopisha kanjani izitifiketi kusukela kuqoqo ukuya ku(ama)seva ye-KMIP?
  A 7.3: Kunezindlela ezimbili zokwenza lokhu. Ungakwazi ukukopisha isitifiketi kusuka ku-BMC kuya kuseva ye-KMIP ngokuqondile noma ungasebenzisa i-CSR ukuze uthole isitifiketi esisayinwe yi-CA futhi ukopishe isitifiketi esisayinwe yi-CA ku-BMC usebenzisa imiyalo ye-UCSM.
• Q 7.4: Yikuphi ukucatshangelwa okukhona kokwengeza ama-node abethelwe kuqoqo elisebenzisa ukuphathwa kokhiye okude?
  A 7.4: Uma wengeza abasingathi abasha kuseva ye-KMIP), igama lokusingatha elisetshenziswayo kufanele kube inombolo ye-serial yeseva. Ukuze uthole isitifiketi seseva ye-KMIP, ungasebenzisa isiphequluli ukuze uthole isitifiketi esiyimpande yeseva ye-KMIP.

Ukugeleza komsebenzisi: Okuvamile

• Q 8.1: Ngiyisula kanjani idiski?
  A 8.1: Kudeshibhodi ye-HX Connect, khetha ulwazi lwesistimu view. Ukusuka lapho ungakhetha amadiski ngamanye ukuze uwasule ngokuvikelekile.
• Q 8.2: Kuthiwani uma ngisule idiski ngephutha?
  A 8.2: Uma ukusula okuvikelekile kusetshenziswa idatha ichithwa unomphela
• Q 8.3: Kwenzekani uma ngifuna ukuyekisa i-node noma ngihlukanise uchwepheshe wesevisifile?
  A 8.3: Azikho kulezi zenzo ezizosusa ukubethela kudiski/isilawuli.
• Q 8.4: Ngabe ukubethela kukhutshazwa kanjani?
  A 8.4: Umsebenzisi kufanele akhubaze ngokusobala ukubethela ku-HX Connect. Uma umsebenzisi ezama ukususa inqubomgomo yokuvikeleka ku-UCSM lapho iseva ehlotshaniswayo ivikelekile, i-UCSM izobonisa ukwehluleka kokulungiselela futhi ingasivumeli isenzo. Inqubomgomo yezokuphepha kufanele ikhutshazwe kuqala.

Ukugeleza komsebenzisi: Ukuphathwa kwesitifiketi

• Q 9.1: Ziphathwa kanjani izitifiketi ngesikhathi sokusethwa kokuphatha okukude?
  A 9.1: Izitifiketi zidalwa kusetshenziswa i-HX Connect kanye ne(ama)seva ye-KMIP ekude. Izitifiketi uma sezidaliwe cishe ngeke zisuswe.
• Q 9.2: Hlobo luni lwezitifiketi engingazisebenzisa?
  A 9.2: Ungasebenzisa izitifiketi zokuzisayina noma izitifiketi ze-CA. Kufanele ukhethe ngesikhathi sokusetha. Ezitifiketini ezisayiniwe ze-CA uzokhiqiza isethi Yezicelo Zokusayina Isitifiketi (ama-CSR). Izitifiketi ezisayiniwe zilayishwa kuseva ye-KMIP.
• Q 9.3: Iliphi igama lomethuleli okufanele ngisebenzise lapho ngikhiqiza izitifiketi?
  A 9.3: Igama lomethuleli elisetshenziselwa ukukhiqiza isitifiketi kufanele libe inombolo ye-serial yeseva.

Ukuvuselelwa kwe-Firmware

• Q 10.1: Ingabe ikhona imikhawulo ekuthuthukiseni i-firmware yediski?
  A 10.1: Uma idrayivu ekwazi ukubethela itholwa, noma yiziphi izinguquko ze-firmware zediski ngeke zivunyelwe kuleyo diski.
• Q 10.2: Ingabe ikhona imikhawulo ekuthuthukiseni i-firmware ye-UCSM?
  A 10.2: Ukwehliswa kwe-UCSM/CIMC ukuya kwangaphambi kwe-UCSM 3.1(3x) kukhawulelwe uma kukhona isilawuli esisesimweni esivikelekile.

Vikela Imininingwane Yokusula

• Q 11.1: Yini i-Secure Erase?
  A 11.1: Ukusula okuvikelekile ukusula okusheshayo kwedatha kudrayivu (sula ukhiye wokubethela wediski). Lokhu kusho ukuthi umyalo olula oqinisekisiwe ungathunyelwa kudrayivu ukuze kushintshwe ukhiye wokubethela we-256-bit ogcinwe kudrayivu. Lokhu kuqinisekisa ukuthi idrayivu iyasulwa futhi ayikho idatha esele. Ngisho nesistimu yokusingatha yoqobo ayikwazi ukufunda idatha ngakho-ke ngeke ifundeke inoma iyiphi enye isistimu. Umsebenzi uthatha amasekhondi ambalwa kuphela, ngokungafani namaminithi amaningi noma ngisho namahora awathathayo ukwenza umsebenzi ofana nediski engabetheliwe futhi ugwema izindleko zempahla ebizayo yokususa noma amasevisi.
• Q 11.2: Kwenziwa kanjani ukusula okuvikelekile?
  A 11.2: Lokhu ukusebenza kwe-GUI okwenziwa idrayivu eyodwa ngesikhathi.
• Q 11.3: Ngokuvamile kwenziwa nini ukusula okuvikelekile?
  A 11.3: Ukusula okuvikelekile okuqalwe ngumsebenzisi kwediski eyodwa kuwumsebenzi ongavamile. Lokhu kwenziwa kakhulu uma ufuna ukususa ngokoqobo idiski ukuze uyishintshe, uyidlulisele kwenye indawo, noma ugweme ukwehluleka okuseduze.
• Q 11.4: Imiphi imikhawulo ekhona ekusuleni okuvikelekile?
  A 11.4: Imisebenzi yokusula evikelekile ingenziwa kuphela uma iqoqo liphilile ukuze kuqinisekiswe ukuthi ukuqina kwephutha kweqoqo akuthinteki.
• Q 11.5: Kwenzekani uma ngidinga ukususa yonke i-node?
  A 11.5: Kukhona i-node yokususa kanye ne-node esikhundleni sokugeleza komsebenzi ukusekela ukusula okuphephile kwawo wonke amadrayivu. Bheka umhlahlandlela wokuphatha ukuze uthole imininingwane noma uthintane ne-Cisco TAC.
• Q 11.6: Ingabe idiski esulwe ngokuvikelekile ingasetshenziswa kabusha?
  A 11.6: Idiski esulwe ngokuvikelekile ingasetshenziswa kabusha kuqoqo elihlukile kuphela. Ukusula okuvikelekile kwe-SED kwenziwa ngokusula ukhiye wokubethela wediski (DEK). Idatha ekudiski ayikwazi ukususwa ukubethela ngaphandle kwe-DEK. Lokhu kukuvumela ukuthi usebenzise kabusha noma uhoxise idiski ngaphandle kokuphazamiseka kwedatha.
• Q 11.7: Kwenzekani uma idiski engifuna ukuyisula iqukethe ikhophi yokugcina eyinhloko yedatha yeqoqo?
  A 11.7: Idatha ekudiski kufanele ibe namanye amakhophi kuqoqo ukuze kugwenywe ukulahleka kwedatha. Nokho, uma ukusula okuvikelekile kuceliwe kudiski okuyikhophi yokugcina eyinhloko, khona-ke lo msebenzi uzonqatshwa kuze kube yilapho sekutholakala okungenani ikhophi eyodwa. Ukulinganisa kufanele kube ukwenza le khophi ngemuva.
• Q 11.8: Ngidinga ngempela ukusula ngokuvikelekile idiski, kodwa iqoqo aliphilile. Ngingakwenza kanjani?
  A 11.8: Umugqa womyalo (STCLI/HXCLI) uzovumela ukusula okuvikelekile lapho iqoqo linempilo futhi idiski ingenayo ikhophi yokugcina eyinhloko, ngaphandle kwalokho ayivunyelwe.
• Q 11.9: Ngingayisula kanjani ngokuphephile yonke i-node?
  A 11.9: Lesi yisimo esiyivelakancane. Ukusula okuvikelekile kwawo wonke amadiski ku-node kwenziwa lapho umuntu efuna ukukhipha i-node kuqoqo. Inhloso iwukusebenzisa i-node kuqoqo elihlukile noma ukukhulula i-node. Singahlukanisa ukususwa kwamanodi kulesi simo ngezindlela ezimbili ezihlukene:
  1. Vikela ukusula wonke amadiski ngaphandle kokukhubaza ukubethela
  2. Vikela ukusula wonke amadiski alandelwa ukukhubaza ukubethela kwaleyo nodi (namadiski). Sicela uthinte i-Cisco TAC ukuze uthole usizo.

Ukunwetshwa Okuvikelekile Kweqoqo

• Q 12.1: Hlobo luni lwe-node enginganweba ngalo iqoqo elibethelwe?
  A 12.1: Amanodi anamandla e-SED kuphela angengezwa ku-HX Cluster enama-SED.
• Q 12.2: Kusingathwa kanjani ukunwetshwa kokuphathwa kokhiye bendawo?
  A 12.2: Ukunwetshwa kokhiye wendawo kuwumsebenzi ongenazihibe ongekho ngaphandle kokucushwa okudingekayo.
• Q 12.3: Kusingathwa kanjani ukunwetshwa ngokuphathwa kokhiye wesilawuli kude?
  A 12.3: Ukunwetshwa kokhiye wesilawuli kude kudinga ukukhiya ngezitifiketi/ingqalasizinda yokuphatha ukhiye:
  • Izitifiketi ziyadingeka ukuze wengeze inodi entsha ngokuphephile
  • Ukuthunyelwa kuzobonisa isexwayiso esinezinyathelo zokuqhubeka ezihlanganisa isixhumanisi sokulanda isitifiketi
  • Umsebenzisi ulandela izinyathelo zokulayisha izitifiketi abese ezama futhi ukuthunyelwa

Amadokhumenti Asekelayo

I-Micron:

• https://www.micron.com/about/blogs/2016/may/selfencrypting-drives-understanding-the-strategy-of-security
• https://www.micron.com/~/media/documents/products/technical-marketing-brief/5100_sed_tcg-e_tech_brief.pdf
• https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2667.pdf
• https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2382.pdf

FIPS

• Uhlu lwama-algorithms e-crypto avunyelwe i-FIPS 140-2: https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf

Ama-CDETS:

• Iphrojekthi: CSC.nuova Umkhiqizo: ucs-blade-server Ingxenye: ucsm

I-SED Functional Specification:

• I-EDCS: 1574090

Ukucaciswa kwe-SED CIMC:

• http://wwwin-eng.cisco.com/Eng/SAVBU/Projects/Rackmount/Freel_Peak/SW_Specs/Remote_Key_Mgmt_sw_design_spec.doc

Uhlu Lwemeyili:

• ucsm-dev@cisco.com
• ask-hci-tme@cisco.com
• ask-hci-pm@cisco.com

Amadokhumenti / Izinsiza

I-CISCO HyperFlex HX Data Platform [pdf] Iziyalezo I-HyperFlex HX Data Platform, HyperFlex, HX Data Platform, Data Platform, Platform

Izithenjwa

• Imaniwali yosebenzisayo