• Storage operations get applied only when the server is powered on, and they do not trigger a server
reboot.
• If a global service profile (GSP) with a security policy is pushed to a Cisco UCS Manager release prior
to 3.1(3), the security policy related operations are cleaned up and an unsecured LUN is created.
• A Cisco UCS Manager downgrade fails if a storage controller with Drive Security Enable is present in
the domain.
• A GSP association fails with a config-failure status/message if it is associated with an unsupported
server, or a supported server with unsupported firmware.
• A GSP association fails with a config-failure status/message if LUN security is set to Enabled
in the Disk Configuration Policy but the Security policy is not created in the storage profile.
• A GSP association fails if the Security policy is deleted from the storage profile after the Storage Controller
is set to Drive Security Enable.
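The guidelines above can be checked before a GSP is associated. The following pre-flight check is an added example, not Cisco code: the dictionary field names and the sample data are hypothetical, and a real inventory export would have to be mapped onto them.

```python
import re

SED_MIN_RELEASE = (3, 1, 3)  # release threshold named in the guideline above

def parse_release(text):
    """Turn a UCS Manager release string such as '3.1(2f)' into (3, 1, 2)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)[a-z]*\)", text.strip())
    if m is None:
        raise ValueError(f"unrecognised release string: {text!r}")
    return tuple(int(part) for part in m.groups())

def preflight(gsp, domain):
    """Return findings, in check order, for associating `gsp` in `domain`.

    Both arguments are plain dicts with hypothetical field names.
    """
    findings = []
    has_policy = gsp.get("security_policy") is not None
    lun_secured = any(l.get("security") == "Enabled" for l in gsp.get("luns", []))
    if lun_secured and not has_policy:
        findings.append("config-failure: LUN security Enabled, no Security policy")
    if not (domain["server_supported"] and domain["firmware_supported"]):
        findings.append("config-failure: unsupported server or firmware")
    if domain["controller_drive_security_enable"] and not has_policy:
        findings.append("association-failure: Security policy missing, "
                        "controller already has Drive Security Enable")
    # This case does not fail: the LUN is created without encryption, so it
    # has to be caught here rather than from an association error.
    if has_policy and parse_release(domain["ucsm_release"]) < SED_MIN_RELEASE:
        findings.append("unsecured-lun: release prior to 3.1(3), LUN created unsecured")
    return findings

def downgrade_blocked(domain):
    """A Cisco UCS Manager downgrade fails while Drive Security Enable is present."""
    return bool(domain["controller_drive_security_enable"])

# Constructed sample data, not taken from a real domain.
SAMPLE_GSP = {"security_policy": {"name": "sed-policy"},
              "luns": [{"name": "lun0", "security": "Enabled"}]}
SAMPLE_DOMAIN = {"ucsm_release": "3.1(2f)", "server_supported": True,
                 "firmware_supported": True,
                 "controller_drive_security_enable": False}

if __name__ == "__main__":
    for finding in preflight(SAMPLE_GSP, SAMPLE_DOMAIN):
        print(finding)
```

The unsecured-lun finding is the one to act on first, because that case completes without an error while leaving data at rest unencrypted.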
Security Flags for Controller and Disk
Security flags indicate the current security status of the storage controller and disks.
The storage controller and disks have the following security flags:
• Security Capable—Indicates that the controller, LUN, or disk is capable of supporting SED management.
• Security Enable—Indicates that the security key is programmed on the controller, disk, or LUN, and
security is enabled on the device. This flag is set when you configure a security policy and associate it
with a server, making the controller and disk secure. This flag is not set on a Cisco HyperFlex device.
• Secured—Indicates that the security key is programmed on the disk, and security is enabled on the Cisco
HyperFlex device.
The following security flags are exclusive to storage disks:
• Locked—Indicates that the disk key does not match the key on the controller. This happens when you
move disks across servers that are programmed with different keys. The data on a locked disk is
inaccessible and the operating system cannot use the disk. To use this disk, you must either unlock the
disk or secure erase the foreign configuration.
• Foreign Secured—Indicates that a secure disk is in foreign configuration. This happens when you unlock
a locked disk with the right key, but the disk is in a foreign configuration state and the data on it is
encrypted. To use this disk, you can either import or clear the foreign configuration.
Security Related Operations
You can create security policies for Self-Encrypting Drives (SEDs) through a Storage Profile in Cisco UCS
Central. In addition to creating security policies, you can perform additional operations on the supported
servers. The following table lists the remote operations and their descriptions: