Home » EMC » E20-393 » Where do the D@RE encryption/decryption functions occur in the Unity storage system?
Where do the D@RE encryption/decryption functions occur in the Unity storage system?
A. Host I/O Modules
B. Storage Processor Cache
C. SAS I/O Module
D. Self-encrypting drives
Correct Answer: C
Explanation/Reference:
Upon installation and activation of the feature, the following keys are generated by
RSA BSAFE and persisted to the Lockbox:
KEK Wrapping Key (KWK)
Data Encryption Keys (DEKs) for all bound drives
A new KEK is generated each time the array boots. The KEK is wrapped with the KWK and passed to the SAS controller during the system boot process. Using the persisted KWK, the SAS controller can decrypt the KEK.
Incorrect Answers:
D: Self-Encrypting Drive (SED) technology is another variation of D@RE which is widely used and offers similar functionality as CBE. However, with SEDs, you have to pay a premium on every drive and only certain drives are offered in SED form.
References: https://www.emc.com/collateral/white-paper/h13296-dare-wp.pdf (page 8)
|
Download Printable PDF. VALID exam to help you PASS.
|
 |
Answer D – is SAS controller see 1.19 minutes –
Agree.
and I was wrong, I think it’s SAS I/O module.
The feature uses hardware embedded in the SAS I/O controller chip in all SAS I/O modules and embedded in the Storage Processor.
The answer is C
Since the encryption/decryption functions occur in the SAS controller, it has minimal impact on data services, such as replication.