Where do the D@RE encryption/decryption functions occur in the Unity storage system?
A . Host I/O Modules
B . Storage Processor Cache
C . SAS I/O Module
D . Self-encrypting drives
Answer: C
Explanation:
Upon installation and activation of the feature, the following keys are generated by RSA BSAFE and persisted to the Lockbox:
– KEK Wrapping Key (KWK)
– Data Encryption Keys (DEKs) for all bound drives
A new KEK is generated each time the array boots. The KEK is wrapped with the KWK and passed to the SAS controller during the system boot process. Using the persisted KWK, the SAS controller can decrypt the KEK.
Incorrect Answers:
D: Self-Encrypting Drive (SED) technology is another variation of D@RE which is widely used and offers similar functionality as CBE.
However, with SEDs, you have to pay a premium on every drive and only certain drives are offered in SED form.
References: https://www.emc.com/collateral/white-paper/h13296-dare-wp.pdf (page 8)