Digistor Citadel User manual

Citadel SSD

User Manual

A9-4400-01 Rev. 1.1

This User Manual contains proprietary content of CRU Data Security Group, LLC (“CDSG”) which is protected by copyright, trademark,

and other intellectual property rights.

Use of this User Manual is governed by a license granted exclusively by CDSG (the “License”). Thus, except as otherwise expressly

permitted by that License, no part of this User Manual may be reproduced (by photocopying or otherwise), transmitted, stored (in a

database, retrieval system, or otherwise), or otherwise used through any means without the prior express written permission of CDSG.

Use of the full Citadel SSD product is subject to all of the terms and conditions of this User Manual and the above referenced License.

DIGISTOR®(collectively, the “Trademarks”) are trademarks owned by CDSG and are protected under trademark law. This User Man-

ual does not grant any user of this document any right to use any of the Trademarks. CipherDrive is a registered trademark of KLC

Group, LLC.

Product Warranty

CDSG warrants this product to be free of significant defects in material and workmanship for a period of three (3) years from the origi-

nal date of purchase. CDSG’s warranty is nontransferable and is limited to the original purchaser.

Limitation of Liability

The warranties set forth in this agreement replace all other warranties. CDSG expressly disclaims all other warranties, including but not

limited to, the implied warranties of merchantability and fitness for a particular purpose and non-infringement of third-party rights with

respect to the documentation and hardware. No CDSG dealer, agent, or employee is authorized to make any modification, extension,

or addition to this warranty. In no event will CDSG or its suppliers be liable for any costs of procurement of substitute products or serv-

ices, lost profits, loss of information or data, computer malfunction, or any other special, indirect, consequential, or incidental damages

arising in any way out of the sale of, use of, or inability to use any CDSG product or service, even if CDSG has been advised of the

possibility of such damages. In no case shall CDSG’s liability exceed the actual money paid for the products at issue. CDSG reserves

the right to make modifications and additions to this product without notice or taking on additional liability.

FCC Compliance Statement: This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions:

(1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference

that may cause undesired operation.

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.

These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment

generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may

cause harmful interference to radio communications.

In the event that you experience Radio Frequency Interference, you should take the following steps to resolve the problem:

1. Ensure that the case of your attached drive is grounded.

2. Use a data cable with RFI reducing ferrites on each end.

3. Use a power supply with an RFI reducing ferrite approximately 5 inches from the DC plug.

4. Reorient or relocate the receiving antenna.

Table of Contents

1. Introduction ............................................................................................................................ 5

1.1. Safety Information ........................................................................................................ 5

2. Drive Installation ..................................................................................................................... 6

2.1. M.2 SSDs (NVMe or SATA) ........................................................................................... 6

2.2. 2.5-inch SATA SSD ....................................................................................................... 7

3. Activate the Citadel SSD ......................................................................................................... 8

3.1. Download the Activation Software ................................................................................. 8

3.2. Create a Bootable USB Thumb Drive ............................................................................. 8

3.3. Configure UEFI/BIOS Settings ...................................................................................... 8

3.3.1. For All Computers .............................................................................................. 9

3.3.2. For Dell Computers ............................................................................................ 9

3.4. Install an Operating System or Virtual Environment ....................................................... 10

3.5. How to Boot into the Thumb Drive ................................................................................ 11

3.6. Activate the Citadel SSD .............................................................................................. 11

4. First Time Login ..................................................................................................................... 13

5. Pre-Boot Authentication Interface ............................................................................................ 14

5.1. Logging In ................................................................................................................... 14

5.1.1. Logging In with a Username and Password ........................................................ 14

5.1.2. Logging In with a Smart Card ............................................................................ 15

5.1.3. Logging in with Two-Factor Authentication .......................................................... 16

5.2. Logging Out ................................................................................................................ 17

5.3. Dashboard .................................................................................................................. 17

5.4. User ........................................................................................................................... 18

5.4.1. User Roles ....................................................................................................... 18

5.4.2. Add a User ....................................................................................................... 18

Add a User with a Password ............................................................................... 19

Add a User with a Smart Card ............................................................................ 20

Bulk Import Users .............................................................................................. 21

5.4.3. Edit a User ....................................................................................................... 22

Edit a User with a Password ............................................................................... 22

Edit a User with a Smart Card ............................................................................ 23

5.4.4. Delete a User ................................................................................................... 23

5.5. Settings ...................................................................................................................... 24

5.5.1. Configuration .................................................................................................... 24

5.6. Maintenance ............................................................................................................... 25

5.6.1. Backup Database ............................................................................................. 26

5.6.2. Erase Disk ....................................................................................................... 26

5.6.3. Change DEK .................................................................................................... 27

5.6.4. Change AK ...................................................................................................... 28

5.6.5. License Upgrade .............................................................................................. 28

Generate a License Request .............................................................................. 29

Upgrade License ............................................................................................... 30

5.6.6. Upgrading the PBA Software ............................................................................. 30

Via the Settings Console .................................................................................... 30

Via Command Line ............................................................................................ 31

5.6.7. Temporarily Deactivate the PBA ........................................................................ 33

5.6.8. Uninstall the PBA Software ............................................................................... 34

5.6.9. Export Configuration ......................................................................................... 35

5.7. Logs ........................................................................................................................... 36

Citadel SSD User Manual 3

5.7.1. Activity Log ...................................................................................................... 36

5.7.2. Login Log ......................................................................................................... 37

5.7.3. Exception Log .................................................................................................. 38

5.7.4. Admin Log ....................................................................................................... 39

5.7.5. Latest Log ........................................................................................................ 40

5.7.6. Purge Log ........................................................................................................ 41

5.7.7. Log Filter ......................................................................................................... 42

5.8. Disk Information .......................................................................................................... 43

6. Other Features ....................................................................................................................... 44

6.1. Dead Man's Switch Operation ...................................................................................... 44

6.1.1. Resetting an SSD After Using the Dead Man's Switch ........................................ 44

6.2. Administrator Backdoor ................................................................................................ 44

Citadel SSD User Manual 4

1. INTRODUCTION

DIGISTOR Citadel SSDs protect against unauthorized access using CipherDrive pre-boot authentication

(PBA) built into the self-encrypting drive. Each Citadel self-encrypting drive (SED) is FIPS certified and is

the only SSD brand that has PBA natively built-in.

Once fully set up and configured, the Citadel SSD will require you to securely authenticate access to the

drive before any operating system or virtual machine stored on the SSD can start up. Then after you au-

thenticate and sign in, changes can be made to the drive in real-time until the host computer is powered off.

This User Manual will help you install the Citadel SSD and activate it for use. It also includes instructions for

using the PBA's Settings Console, including managing users and user roles and configuring the PBA for

smart card or password access.

1.1. SAFETY INFORMATION

Please read the following before handling this product.

1. Do not drop the product, submit it to impact, or pierce it.

2. The circuit boards within this product are susceptible to static electricity. Proper grounding is strongly

recommended to prevent electrical damage to the product or other connected devices, including the

computer host.

3. Avoid placing this product close to magnetic devices, high voltage devices, or in an area exposed to

heat, flame, direct sunlight, dampness, moisture, rain, vibration, shock, dust, or sand.

4. To avoid overheating, this product should be operated in a well-ventilated area.

5. Before starting any type of hardware installation, please ensure that all power switches have been

turned off and all power cords have been disconnected to prevent personal injury and damage to the

hardware.

Citadel SSD User Manual 5

2. DRIVE INSTALLATION

These instructions will help you install the Citadel SSD into your computer. If you purchased a computer

with a Citadel SSD pre-installed, you can skip this section.

Choose the installation instructions appropriate to the type of Citadel SSD you have.

2.1. M.2 SSDS (NVME OR SATA)

1. Remove the screw from the SSD slot you intend to use if there is one present.

2. Insert the Citadel SSD into an open M.2 slot in your computer. Be sure to align the notch(es) on the

gold contacts of the SSD module with the notch(es) on the empty slot.

M.2 nVME SSD

M.2 SATA SSD

3. Secure the Citadel SSD. Hold the Citadel SSD flat against the slot bay (Figure 1) and reinsert the

screw back into the rear of the slot (Figure 2).

The Citadel SSD must now be activated. Please continue to the next section (see Section 3: Activate the

Citadel SSD, page 8).

Citadel SSD User Manual 6

2.2. 2.5-INCH SATA SSD

1. Insert the Citadel SSD into an open 2.5-inch drive bay in your computer (Figure 1). Then secure the

Citadel SSD with four screws (Figure 2) or via the computer chassis' built-in tension clip.

2. Attach a SATA power connector from your computer to the SATA power port on the rear of the Citadel

SSD.

3. Attach a SATA data cable to the SATA port on the rear end of the Citadel SSD and the other end to the

computer's motherboard.

The Citadel SSD must now be activated. Please continue to the next section (see Section 3: Activate the

Citadel SSD, page 8).

Citadel SSD User Manual 7

3. ACTIVATE THE CITADEL SSD

Your DIGISTOR Citadel SSD, with its pre-boot authentication (PBA) and self-encrypting drive capabilities, is

sent from the manufacturer with the PBA capability temporarily deactivated so that you can easily install an

operating system or virtual machine.

These instructions will show you how to create a bootable USB thumb drive, when to install your operating

system or virtual machine during this process, and how to activate the Citadel SSD's PBA capability.

3.1. DOWNLOAD THE ACTIVATION SOFTWARE

Download the Citadel SSD activation software from cru.bz/citadel and save it to a place on your computer.

This download should be located at the top of the page.

3.2. CREATE A BOOTABLE USB THUMB DRIVE

1. Insert a USB thumb drive into your computer.

2. Format a USB thumb drive to the FAT32 file system.

CAUTION

Be sure you backup any files on the drive because they will be erased!

IMPORTANT

Ensure that no other partitions or files exist on the thumb drive! If you have multiple

partitions on the thumb drive, you may have to use other tools to delete them such as

"Disk Management" which is built into Windows 8.1 and Windows 10.

3. Open the ZIP file you downloaded and extract the "USB Digistor Activator V11 - Foxtrot" folder to your

computer.

4. Navigate into the "USB Digistor Activator V11 - Foxtrot" folder. Copy the contents of the folder to the

thumb drive.

IMPORTANT

Do not copy the “USB Digistor Activator V11 - Foxtrot” folder itself over to the thumb

drive. Your system will be unable to boot from it if you do.

You now have a bootable thumb drive. If you require more help, please contact Technical Support. See

Product Support.

3.3. CONFIGURE UEFI/BIOS SETTINGS

You will need to properly configure your BIOS or UEFI in order to properly boot from the thumb drive. To do

so, follow the instruction set below that's applicable to your situation. Specific instructions have been provi-

ded for Dell computers, as well as a generic instruction set for all other computers.

Citadel SSD User Manual 8

3.3.1. FOR ALL COMPUTERS

Follow these steps to ensure your computer's BIOS or UEFI settings are configured correctly. To access the

BIOS or UEFI, you may have to press Delete, Esc, F2, or F12 when starting your computer up.

1. If you have an option for "UEFI Boot Path Security" or something like it, be sure to change it to Never.

2. Ensure that your "SATA Operation" is set to AHCI.

3. If you have a discrete video card, ensure your primary display detection is set to Auto.

4. Disable "Secure Boot".

NOTE

The Citadel SSD does support Secure Boot, but only once activated. You may reena-

ble Secure Boot after you finish reactivating the Citadel SSD.

3.3.2. FOR DELL COMPUTERS

Follow these steps to ensure your Dell computer's UEFI settings are configured correctly. To access the UE-

FI, you may have to press F2 or F12 when starting your computer up.

1. Navigate to "General > UEFI Boot Path Security" and change it to Never.

2. Navigate to "System Configuration > SATA Operation" and change it to AHCI.

3. If your Dell computer has an upgraded video card, navigate to "Video > Primary Display" and ensure it

is set to Auto. Otherwise, this option will not be available and you can continue onto the next step.

Citadel SSD User Manual 9

4. Navigate to "Secure Boot > Secure Boot Enable" and uncheck the box next to the "Secure Boot" op-

tion to disable it. A dialog box may pop up warning you that disabling Secure Boot will reduce system

security. Click Yes to disable it.

NOTE

The Citadel SSD does support Secure Boot, but only once activated. You may reena-

ble Secure Boot after you finish activating the Citadel SSD.

3.4. INSTALL AN OPERATING SYSTEM OR VIRTUAL ENVI-

RONMENT

Your Citadel SSD has been shipped to you deactivated and unlocked. Install any operating system (OS) or

virtual machine (VM) at this time.

TIP

If you need to turn on a Trusted Platform Module (TPM), Virtualization Support, or Trusted

Execution, you can turn them on in the UEFI.

Citadel SSD User Manual 10

After you have installed the OS or VM, perform a cold reboot by turning your computer off and back on

again and test the OS or VM.

3.5. HOW TO BOOT INTO THE THUMB DRIVE

1. Insert the bootable USB drive with the Citadel SSD software into the computer and turn it on.

2. Continually press the key for accessing your motherboard's boot menu while the computer starts up.

This key to access it differs on different models, but the most common keys are F2, F10, F12, or Esc.

3. The motherboard's boot menu will appear. Choose the USB thumb drive from the list of boot options.

4. A Linux BASH prompt will load. Press Enter to activate the console.

3.6. ACTIVATE THE CITADEL SSD

1. Boot into the thumb drive using the steps above. See Section : How to Boot into the Thumb Drive,

page 32.

2. Type in the command below to run the activation software. Please note that the following text is case

sensitive.

CitadelStart -p <password>

NOTE

<password> is the Administrator password. The default Administrator password is

Administrator, and it is case-sensitive.

IMPORTANT

If you are using the default Administrator password, you should change it as soon as

possible by logging into the Citadel SSD Settings Console.

Citadel SSD User Manual 11

3. The software will activate the pre-boot authentication and will automatically shut down the computer

when finished. Remove the USB thumb drive and reboot the system.

The Citadel SSD has been activated!

Citadel SSD User Manual 12

4. FIRST TIME LOGIN

IMPORTANT

Before attempting to log in, make sure you have first activated your Citadel SSD. See Sec-

tion 3: Activate the Citadel SSD, page 8.

1. If you haven't already, turn on the computer. The Citadel SSD software will load.

2. Click the Accept button at the bottom of the Disclaimer screen that appears.

3. Log into the default Administrator account. Use the following credentials, which are case sensitive:

• Username: Administrator

• Password: Administrator

NOTE

Usernames and passwords are case sensitive.

The computer will appear to reboot and your OS or VM will now start up.

Citadel SSD User Manual 13

5. PRE-BOOT AUTHENTICATION INTERFACE

The PBA Interface consists of the Login Screen and the Settings Console, which you can optionally

choose to enter from the Login Screen instead of booting into your computer's operating system or virtual

machine.

The Settings Console allows you to view data and logs about the PBA, edit your user profile, and allows

users with the Administrator or Security Officer roles to perform various administrative and maintenance

tasks.

5.1. LOGGING IN

5.1.1. LOGGING IN WITH A USERNAME AND PASSWORD

1. Power the computer on. The computer will boot into the Citadel SSD's pre-boot authorization screen.

2. Make sure the Password button is selected.

3. Type the default username and password into the "Username" and "Password" fields, respectively.

4. If allowed by policy, you can check Remember Me so the software will remember your username be-

tween logins.

5. If you want to load into the Dashboard instead of your operating system, check Settings Console.

Otherwise, leave it unchecked.

6. Click the Login button.

You will now be logged in.

Citadel SSD User Manual 14

5.1.2. LOGGING IN WITH A SMART CARD

1. Power the computer on. The computer will boot into the Citadel SSD's pre-boot authorization screen.

2. Insert the smart card into the card reader.

3. Make sure the Smart Card button is selected.

4. Select the username from the drop-down menu.

NOTE

The usernames in the menu are pulled from the installed certificates on the smart

card.

5. Enter the PIN for the card.

6. If you have an administrator account and you want to load into the Dashboard instead of your operating

system, check Settings Console. Otherwise, leave it unchecked.

7. Click the Login button.

You will now be logged in.

Citadel SSD User Manual 15

5.1.3. LOGGING IN WITH TWO-FACTOR AUTHENTICATION

When two-factor authentication is enabled, the user is required to use both the password and smart card

1. Power the computer on. The computer will boot into the Citadel SSD's pre-boot authorization screen.

2. Type the default username and password into the "Username" and "Password" fields, respectively.

3. If allowed by policy, you can check Remember Me so the software will remember your username be-

tween logins.

4. Click the Next button. The Smart Card login screen will now appear.

5. Select the username from the drop-down menu.

NOTE

The usernames in the menu are pulled from the installed certificates on the smart

card.

6. Enter the PIN for the card.

7. If you have an administrator account and you want to load into the Dashboard instead of your operating

system, check Settings Console. Otherwise, leave it unchecked.

NOTE

A single-factor SmartCard user will only be able to configure Login and viewing op-

tions such as Logs. Only users with a password will be able to access the full suite of

management features.

8. Click the Login button.

You will now be logged in.

Citadel SSD User Manual 16

WARNING

If you've enabled this setting without having an account set up with both a password and

smart card, you will be unable to log in or access the Settings Console. You will need to

use the Administrator Backdoor method to log in or access Settings Console. See Sec-

tion 6.2: Administrator Backdoor, page 44.

5.2. LOGGING OUT

You can log out from the Settings Console by clicking the Logout button on the top right of the screen at

any time. This will take you back to the login screen so you can log in and proceed to your operating sys-

tem.

5.3. DASHBOARD

The "Dashboard" screen shows a quick overview of the following events:

• Number of failed login attempts since the last successful login

• Last successful login time and date

• S.M.A.R.T. error count reported by the disk

• Graph of the previous seven (7) days of failed, successful, and total login attempts

• The last successful and unsuccessful login attempts of distinct users

NOTE

Admin and Security Officer accounts can view the successful and failed attempts of all

users.

Citadel SSD User Manual 17

5.4. USER

The "User" screen allows you to add a new user account, delete an account, or modify an existing account.

5.4.1. USER ROLES

Here are the available user roles (user account types) and what each is allowed to do:

User

Role

Add User

Account Update

User

Account

Delete

User

Account

Purge

Logs Erase

Disk Change

DEK* or

AK*

Upgrade,

Deactivate

or Uninstall

PBA*

License

Upgrade

User

Own

Account

Only

Help

Desk

Help Desk

Accounts

Only

Security

Officer · · · · ·

Admin-

istrator · · · · · · ·

*DEK means "Data Encryption Key", AK means "Authentication Key", and PBA means "Pre-boot Authentication"

5.4.2. ADD A USER

Citadel SSD User Manual 18

ADD A USER WITH A PASSWORD

1. On the "User" screen, click the Add button.

2. Make sure the Password tab is selected.

3. Enter a unique username for the user account in the Username field.

IMPORTANT

The username must be less than 40 characters. Uppercase, lowercase, numbers, and

special characters are allowed.

4. Enter the initial password for the account in the Password field.

IMPORTANT

The username must be less than 128 characters. Uppercase, lowercase, numbers,

and special characters are allowed.

5. Re-enter the password in the Confirm Password field.

6. Select the user role from the Assign Role drop-down box.

7. Enter the email address to be associated with the user account in the Email field.

8. Click the Save button.

9. A new window will pop up. Enter your password in the appropriate field and click Continue to verify

that you have registered the credentials correctly.

The user account is now ready for use.

Citadel SSD User Manual 19

ADD A USER WITH A SMART CARD

NOTE

A single-factor SmartCard user will only be able to configure Login and viewing options

such as Logs. Only users with a password will be able to access the full suite of manage-

ment features.

1. Make sure you have access to the card as well as the PIN for the card.

2. On the "User" screen, click the Add button.

3. Make sure the Smart Card tab is selected.

4. Insert the smart card into the card reader.

5. Select the username to be registered with the software from the drop-down menu at the top of the win-

dow. This list shows all the usernames contained on the smart card.

6. Enter the PIN into the PIN field.

IMPORTANT

The PIN must be less than 20 characters long.

7. Re-enter the PIN into the Confirm PIN field.

8. Select the user role from the Assign Role drop-down box.

9. Enter the email address to be associated with the user account in the Email field.

10. Click the Save button.

Citadel SSD User Manual 20

Table of contents

Other Digistor Storage manuals

Digistor

Digistor C Series User manual

Digistor

Digistor Citadel K Series User manual

Popular Storage manuals by other brands

Riello

Riello 7200/2-1500 HV PLUS installation instructions

Argos

Argos 147/6114 Assembly instructions

IBM

IBM N3400 Installation and setup instructions

Solarico

Solarico UniQube Installation and operation manual

Brabantia

Brabantia WALLFIX STORAGE BOX Instructions for use

Simply

Simply SymplyPro LTO Series manual

Stardom

Stardom DR2-B31 Quick setup guide

Dell

Dell EMC AX4-5 Hardware installation and troubleshooting guide

Iomega

Iomega Prestige 34807 Specifications

Ezquest

Ezquest B12560 user guide

Quantum

Quantum Scalar LTFS Replacement guide

NetApp

NetApp AFF A250 manual

Buffalo

Buffalo HD-QLU3R5 user manual

Exabyte

Exabyte EXB-8205 Installation and operation

Intel

Intel SSDSA1MH080G1 product manual

HP StorageWorks 1500cs - Modular Smart Array manual

Western Digital

Western Digital Ultrastar Data102 installation guide

Fujitsu

Fujitsu MHY2250BH - Mobile 250 GB Hard Drive Product/maintenance manual

Digistor CItadel User manual

Popular Storage manuals by other brands