D@RE for PowerMax 2500 and 8500 provides full on-array, back-end encryption using Dell-qualified, industry-standard self-encrypting drives (SEDs). SEDs are FIPS 140-2 validated and NVMe/TCG standard compliant. Each SED contains its own data encryption keys (DEKs), which are managed internally within the drive. Because the DEKs on the SED are self-managed, the D@RE key management infrastructure generates and manages authentication keys (AKs), which are used to unlock the drives for reads and writes.
D@RE incorporates Dell Key Trust Platform (KTP) for integrated, set-and-forget embedded key management. Dell KTP establishes a pervasive and secure infrastructure for all key generation, distribution, and management capabilities required for D@RE.
The following figure shows the PowerMax 2500/8500 embedded key manager architecture.
D@RE can also be deployed with an external key manager using the OASIS Key Management Interoperability Protocol (KMIP). An external key manager provides centralized key storage and management that simplifies key generation and recovery management for PowerMax and other KMIP-compatible encryption solutions.
The following figure shows the PowerMax 2500/8500 external key manager architecture.