If this document does not correspond to your current software version, you can go to Download Center to find other available document versions.


QTS 5.0.x

Download (PDF)

Self-Encrypting Drives (SEDs)

A self-encrypting drive (SED) is a drive with encryption hardware built into the drive controller. SEDs automatically encrypt all data as it is written to the drive and decrypt all data as it is read from the drive. Data stored on SEDs are always fully encrypted by a data encryption key, which is stored on the drive's hardware and cannot be accessed by the host operating system or unauthorized users. The encryption key can also be encrypted by a user-specified encryption password that allows the SED to be locked and unlocked.

Because encryption and decryption are handled by the drive, accessing data on SEDs does not require any extra CPU resources from the host device. Data on SEDs also become inaccessible if the SEDs are physically stolen or lost. For these reasons, SEDs are widely preferred for storing sensitive information.

In QTS, you can use SEDs to create SED secure storage pools and SED secure static volumes. You can also use SEDs to create regular storage pools and volumes, but the self-encrypting function on the SEDs would be disabled.