Hello James,

Thank you for your response.

I am/was aware that I can set a power-up password but this is not the password support I am looking for. I am looking for SATA HDD password support. These passwords are part of the SATA spec.

To explain: My concern is data-at-rest (when the disk gets stolen) security for the data on  the HDDs in my server. For that part I want to be able to use hardware self encrypting disks (SED) in the server. No performance hits with HW encryption (vs software encryption).

With SATA I would expect the system to ask for the HDD user or master password at boot time. The systen would not know if the disk is hardware encryped or not - it uses SATA user or master password to unlock access to the encryption key and behaves just like any SATA drive with user and/or master password set.

An example of such disks (the SATA encryption variants): http://www.seagate.com/www/en-us/products/enterprise-ssd-hdd/constellation/constellation-2/#tTabCont...

So my question remains - will the SD210 ask for SATA HDD passwords at boot time (if thise passwords are set on the disks of course).

Thanks,

R.

PS. Indeed ThinkPads do somehow automatically use the power-on password for HDD password - if enabled and if it is the same.

yes, power-on passwords can be set.   the on-screen appearance is exactly like a thinkpad and shares identical icons.

Thank you Erik! Good news.

It is a bit of a lingo thing - but from your response I assume HDD passwords are covered by what you call power-on passwords. Correct?

Do you happen to know how the system deals with HDD passwords if the disks are placed in RAID 1 using the hardware raid controller <edit: should be more specific: the MR10i raid controller>?

Your input is most appreciated!

R.

Thanks Erik!

I gather that the system will not inquire about the hdd passwords either when the disks are used in a RAID array with passwords pre-set outside the server (vs _setting_ them via the server BIOS) ?

I'll have a look at LSI but was hoping find a solution in a single system/fom a single vendor.

IBM ServeRAID M5014 an M5015 with the ServeRAID M5000 Advanced Feature Key seem to offer similar functionality. All relying on TCG/TPM.

I use SATA SED/FDE on our laptops and like it for its simplicity ... was hoping to find similar support in RAID1 on a server...

Best!

R.

those ServeRAID cards are actually LSI hardware.   so, you're essentially getting to the same place via a different road.   by all means go with the IBM option though as it will be part of your support package.

regarding setting passwords on drives before adding them to an array, i don't believe that will work.   you could certainly test it but i suspect it will cause errors with the controller or that the controller won't be able to see the drives.

you might also consider skipping RAID and imaging your drives via windows server backup.   this would allow you to use passwords on each drive, then recover a failed disk via image if something goes down.   RAID isn't backup after all.   you still need a good backup plan in the event your array has issues.

online data backup is another option.

Please remember that if you use any option in the system, you will need to use Lenovo options. If you have a support issue after using non-Lenovo options, any warranty claims may be turned away or you will be asked to utilize supported Lenovo options.

Lenovo servers currently do not support HDD passwords. However, that has been passed along.

As for the backup option Erik mentioned, you definitely need a backup plan and one preferably with off-site backup.