11-30-2011 02:19 AM
Considering the purchase of a couple of RD210 servers.
It is a requirement for me that the server supports SATA HDD passwords in the sense that it should ask for user or supervisor HDD password (if set) for the drives at boot time (just like a lenovo thinkpad would).
From doc/spec and consulting a lenovo distributor it is not clear if RD210 does provide support for SATA HDD passwords.
Can somebody shed some light in SATA HDD support of the RD210 (maybe from experience)?
Solved! Go to Solution.
12-18-2011 05:07 PM
A power-on password can be set according to the Installation and User Guide. Here is a link directly to the guide to help you: http://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-72549
However, I would recommend taking a look at the RD230 or RD240.
12-20-2011 09:15 AM
Thank you for your response.
I am/was aware that I can set a power-up password but this is not the password support I am looking for. I am looking for SATA HDD password support. These passwords are part of the SATA spec.
To explain: My concern is data-at-rest (when the disk gets stolen) security for the data on the HDDs in my server. For that part I want to be able to use hardware self encrypting disks (SED) in the server. No performance hits with HW encryption (vs software encryption).
With SATA I would expect the system to ask for the HDD user or master password at boot time. The systen would not know if the disk is hardware encryped or not - it uses SATA user or master password to unlock access to the encryption key and behaves just like any SATA drive with user and/or master password set.
An example of such disks (the SATA encryption variants): http://www.seagate.com/www/en-us/products/enterprise-ssd-hdd/constellation/constellation-2/#tTabCont...
So my question remains - will the SD210 ask for SATA HDD passwords at boot time (if thise passwords are set on the disks of course).
PS. Indeed ThinkPads do somehow automatically use the power-on password for HDD password - if enabled and if it is the same.
12-21-2011 06:30 AM - edited 12-21-2011 08:20 AM
Thank you Erik! Good news.
It is a bit of a lingo thing - but from your response I assume HDD passwords are covered by what you call power-on passwords. Correct?
Do you happen to know how the system deals with HDD passwords if the disks are placed in RAID 1 using the hardware raid controller <edit: should be more specific: the MR10i raid controller>?
Your input is most appreciated!
12-21-2011 08:28 AM - edited 01-03-2012 09:44 AM
ah, yes, by power-on passwords i was referring to BIOS and power-on for supervisor and/or user. i was lumping them together in one batch.
there are third-party RAID controllers that handle full-disk encryption on FDE/BDE SAS/SATA drives but that's outside the scope of what the RD210 can handle natively. if FDE drives interest you, take a look at LSI as they offer HBAs that can handle encryption. to the best of my knowledge these will allow passwords on RAID arrays, unlike an onboard controller or any of the HBAs currently included in a thinkserver. LSI customer service could help you more on that topic.
12-21-2011 09:38 AM
I gather that the system will not inquire about the hdd passwords either when the disks are used in a RAID array with passwords pre-set outside the server (vs _setting_ them via the server BIOS) ?
I'll have a look at LSI but was hoping find a solution in a single system/fom a single vendor.
IBM ServeRAID M5014 an M5015 with the ServeRAID M5000 Advanced Feature Key seem to offer similar functionality. All relying on TCG/TPM.
I use SATA SED/FDE on our laptops and like it for its simplicity ... was hoping to find similar support in RAID1 on a server...
12-21-2011 12:15 PM
those ServeRAID cards are actually LSI hardware. so, you're essentially getting to the same place via a different road. by all means go with the IBM option though as it will be part of your support package.
regarding setting passwords on drives before adding them to an array, i don't believe that will work. you could certainly test it but i suspect it will cause errors with the controller or that the controller won't be able to see the drives.
you might also consider skipping RAID and imaging your drives via windows server backup. this would allow you to use passwords on each drive, then recover a failed disk via image if something goes down. RAID isn't backup after all. you still need a good backup plan in the event your array has issues.
online data backup is another option.
01-03-2012 08:08 AM
Please remember that if you use any option in the system, you will need to use Lenovo options. If you have a support issue after using non-Lenovo options, any warranty claims may be turned away or you will be asked to utilize supported Lenovo options.
Lenovo servers currently do not support HDD passwords. However, that has been passed along.
As for the backup option Erik mentioned, you definitely need a backup plan and one preferably with off-site backup.