
DC Series SSD - Encryption Key Management in Windows Server

KRyde
New Contributor

Folks,

I'm trying to understand how to leverage the hardware encryption built into the DC series SSDs for a branch server (doing all of the research now, so there are no surprises down the road).

I'm looking at purchasing a DC S3520 series SSD - this is listed as a Self-Encrypting Drive (SED). I have previously worked with Samsung Evo eDrive compatible SSDs in our corporate laptops - these work well with BitLocker and work with the existing hardware SSD encryption (rather than perform software Full Disk Encryption - which is often the case with OPAL certified drives without the separate eDrive compatibility).

For the branch server setup, we need to have the data encrypted, so what is the Intel approved method of leveraging the existing hardware based encryption on Windows Server (2012 or 2016)? The server will have a TPM.

The Intel Solid-State Drive Pro Administrator tool does have the ability to enable eDrive support, but only on drives that support this capability. The DC S3520 series specifications don't specifically mention OPAL or eDrive support (or does it???)

The solution doesn't need to be BitLocker, but I'd like to know what options are there? For example, is there an Intel storage controller that can be purchased that can facilitate these SSDs for hardware based Full Disk Encryption? This may be a great solution when one wants to create a Mirrored RAID Volume that is hardware encrypted, as BitLocker won't do hardware encryption on eDrive enabled SSDs unless it can see them directly (won't work if they are in a RAID Volume - BitLocker will work - but just in software mode).

Any help is appreciated!

Regards,

Kieran
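The point raised in the post above, that BitLocker can silently fall back to software encryption when it cannot see an eDrive directly, can be checked on a running server. The following is an added example, not part of the original post and not Intel or Microsoft code; it assumes an elevated PowerShell session on a Windows Server with the BitLocker feature installed, and `Get-BitLockerEncryptionMode` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Requires an elevated session and the
# BitLocker feature, which provides the Get-BitLockerVolume cmdlet.
# Get-BitLockerEncryptionMode is a hypothetical helper name.
function Get-BitLockerEncryptionMode {
    param(
        # Volumes to classify; defaults to every volume BitLocker reports.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        $method = [string]$v.EncryptionMethod
        # 'HardwareEncryption' means the drive itself encrypts (eDrive);
        # any AES/XTS-AES value means BitLocker encrypts in software.
        $mode = switch ($method) {
            'HardwareEncryption' { 'Hardware' }
            'None'               { 'Unencrypted' }
            default              { 'Software' }
        }
        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            VolumeStatus     = $v.VolumeStatus
            ProtectionStatus = $v.ProtectionStatus
            EncryptionMethod = $method
            Mode             = $mode
        }
    }
}

$report = Get-BitLockerEncryptionMode
$report | Format-Table -AutoSize

# Volumes that were expected to use the drive's hardware encryption but did not.
$report | Where-Object { $_.Mode -eq 'Software' } | ForEach-Object {
    Write-Warning "$($_.MountPoint) uses software encryption ($($_.EncryptionMethod))."
}

# Volumes with no encryption, or with protection suspended.
$report | Where-Object {
    $_.Mode -eq 'Unencrypted' -or [string]$_.ProtectionStatus -ne 'On'
} | ForEach-Object {
    Write-Warning "$($_.MountPoint) is not protected (status: $($_.ProtectionStatus))."
}
```

`manage-bde -status` reports the same information per volume in its "Encryption Method" field.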

8 REPLIES 8

idata
Esteemed Contributor III

Hello KGR,

Thanks for your reply.

Please allow us more time to investigate and gather more information on the encryption methods for Intel® DC SSD products.

We'll get back to you as soon as possible.

Best regards,

Eugenio F.

idata
Esteemed Contributor III

Hello KGR,

We apologize for the confusion. There seems to be a little bit of confusion regarding SED.

Checking with our Business Unit, they confirmed that except for some of the models on the Intel® SSD Professional Family (https://www.intel.com/content/www/us/en/products/memory-storage/solid-state-drives/professional-ssds...), our drives are not SED, Opal* or eDrive*.

The Intel® SSD DC are AES-256 (https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/archived-crypto-projects/aes-d...) encrypted only. They can be encrypted using software based solutions such as ATA security password.

Please let us know if there's anything else we can do for you,

Regards,

Eugenio F.

idata
Esteemed Contributor III

Hello KGR,

We haven't heard from you in a while.

Please let us know if there's anything else we can help you with.

Best regards,

Eugenio F.

dkuma27
New Contributor

Hello Eugenio,

We have a similar request from a client to secure the data by encrypting our drives. We have Intel SSD DC P3500 series 2 TB drives on our server. Can you confirm if these drives are self-encrypted? If yes, can you please share with us how to view it, either by commands or through the console? If not, can you suggest the best way to encrypt these drives?