Home > Storage > PowerMax and VMAX > Data Protection > Dell PowerMax Data at Rest Encryption > Terminology
The following table provides definitions for some of the terms that are used in this document.
Term | Definition |
Advanced Encryption Standard (AES) | A FIPS-approved cryptographic algorithm that uses a symmetric block cipher to encrypt and decrypt data. |
Audit log | An immutable log that tracks security events on a PowerMax array. The audit log allows administrators to identify any breaches in the array and prove compliance with data-protection policies. |
Authentication key (AK) | A key generated and managed by PowerMaxOS for authentication and access to self-encrypting drives. |
Control station (CS) | A component that monitors the array environment, provides remote notification and remote support capabilities, and allows authorized Dell personnel to access the array locally or remotely. |
Data encryption key (DEK) | A key used for encryption algorithms to encrypt and decrypt data. |
Key encryption key (KEK) | A key that uses an AES Key Wrap algorithm to keep AKs secure during storage and transmission. |
Key Management Interoperability Protocol (KMIP) client | A function of Key Trust Platform that allows for separation of key management between PowerMax systems and an OASIS KMIP-based key management server. |
Key Trust Platform (KTP) | An integrated component that provides KMIP client and embedded key management capabilities to support Data at Rest Encryption. |
PowerMaxOS | The PowerMax operating environment that runs on PowerMax systems. |
Self-encrypting drive (SED) | A drive designed to automatically encrypt and decrypt data with self-managing data encryption keys. |