Lenovo Hardware Password Manager
If you are a company who does not want to end up on the front page of the Wall Street Journal for bad reasons (who does?), then you need to encrypt the data on your company’s hard disk drives. Many IT shops recognize this as something they should do, but seldom get around to it. One reason is that it is YASP (yet another software program) to test, deploy, and support. Plus, due to the nature of the beast, it is a type of program that really needs to be thought through carefully. Any wrong step, and users are locked out of their machines. Lose the password and data is gone. Permanently.
The encryption segment of the industry, and indeed most of the software encryption vendors, acknowledge that the end game is hardware encryption — self encrypting hard disk drives. Instead of installing and running a layer of software that encrypts the data on your drive, these FDE (full encryption drives) encrypt every bit of data that is written to them from day one. They have bulk encryption chips inside them that work at full drive speed so that there is theoretically no performance penalty. Contrast this with sometimes finicky software that has parameters like boot sector dependencies and compression overhead.
Despite its drawbacks, from an IT standpoint, software encryption has been the only acceptable solution. The main reason: manageability. IT shops need to know that if their end user forgets his/her password, that they can restore access to the system. They also need to make sure that they can access all data for auditing purposes. The enterprise software encryption vendors (like Utimaco), offer this key functionality. FDE drives didn’t really have a good management solution — until now. By using Lenovo’s Hardware password manager, IT shops can now have the ability to centrally control the hardware password for all types of self encrypting hard drives.
Lenovo’s tool is not the first tool on the market to do this. Wave software has had a product, and indeed, one of our competitors sells it as a solution. But it has a major drawback. If you are evaluating the Wave solution, ask your solution provider if it can manage drives from any other vendor than Seagate.
Go ahead I’ll wait.
—–
From our standpoint, a software management tool that locks you into a specific product FDE SKU from a specific vendor is not the best way. I’m not in the slightest suggesting that there are any problems, but certainly any customer evaluating this solution should ask for assurances that:
- Since the software solution only manages one type of hard drive from a specific vendor, that there will never be any supply problems
- That the price of the single vendor hard disk solution will remain competitive with other brands of self encrypting HDDs on the market
- That the technology will be based on industry standards and will be supported long-term
- That the technology has a roadmap to continue to improve performance and capacities
Our solution is designed to work with all types of FDE drives on the market, regardless of vendor. As new technologies become available, customers are free to choose what works best for them and not be locked in.
There is lots more to learn about this solution. Our security team recently prepared a video that explains exactly how this technology works in great detail. The following video is 10 minutes in length, but is well worth your time if you are evaluating this technology or are even just curious. Stacy and Jeff answer many common questions, including connected to the network and disconnected from the network scenarios.
Lenovo Meet the Modder Dean Liou
Lenovo Meet the modder- Chris Blarsky Dairy 2
Lenovo Meet the modder- Chris Blarsky Dairy 1
Lenovo H320 desktop
April 29th, 2009 3:16 pm
Does it work with Linux?
April 29th, 2009 6:01 pm
On a client machine, yes. The authentication server needs to be an Active Directory machine though, so you do need an AD account if you want to reset it using the “online” method.
April 29th, 2009 7:03 pm
Haha, Matt was ready & waiting for the Linux question!
April 30th, 2009 2:23 am
i was trying hard not to pose the above question…
cheers
Hecke, full of expectation for your next article on upcoming hardware, Matt
April 30th, 2009 4:51 am
Go ahead, have your fun
May 1st, 2009 10:41 pm
Do any of the thinkpad carry SSD disk that has hardware full-disk-encryption built-in?
May 2nd, 2009 9:37 am
Jiang — Not yet. It is on our roadmap, but since it is not yet announced, I cannot be more specific yet.
May 2nd, 2009 10:54 am
Hey Matt, feel free to delete this comment since it is off topic, but can you address screen quality in a blog post?
I’ve been using ThinkPads for over a decade now, and always will use them, but lately I’ve been tempted to stray due to this: http://www.anandtech.com/mobil.....spx?i=3540
The Dell Studio XPS 16.
I have an X61s I take with my everywhere I go, and a T61 I use as my main machine at home. Now there isn’t anything special about the design of the Dell, even Jarred Walton, the author of the above review says it has a heating problem. What I want to touch on is this quote:
“This may be as good as it gets in the world of laptop LCDs until OLEDs become mainstream. If you’re like me and have been repeatedly disappointed with lackluster laptop displays, the Studio XPS 16 may finally restore your faith in humanity. This is change that even I can believe in!”
I watch a lot of movies on my ThinkPad T61 and I want to have that panel. 1080p resolution, 16 inches, RGB LED, it’s fantastic. Market is as a W series machine, professional workstation, for people who need the colour accuracy.
Again, apologies for leaving this comment here. If there was a way I could email you, I would have.
May 4th, 2009 11:42 am
Stefan –You’ve figured out that the best way to get something to the forefront is to comment on the latest. I don’t blame you. Everyone else seems to as well, so it’s not something I mind.
We took a great step forward with the introduction of the great display on the W700. Not sure if you saw this or not.
http://www.robgalbraith.com/bi.....-9320-9876
Other than when I say the word “Linux,” there is no other topic that brings up such heated conversation as when I talk about displays. Our business customers have continually indicated that they won’t pay more for better displays and despite the vocal people who say they would, they are still in a minority.
That said, the switch to LED has certainly helped display quality take a small jump forward. As you know, we don’t currently have a 100% RGB LED display panel in our portfolio. For most people the advantages are theoretical, much like the jump from 12 to 14MP in camera resolution. However, that doesn’t mean that some won’t notice it.
I’m pushing our ThinkPad team to include more and better panels in our portfolio, but sadly, as of right now, I don’t have any new news to report. If I do a post with no new news, all it will do is incite people to (rightfully) jump down my throat once again.
May 5th, 2009 2:25 am
as you mentioned it (i would never dare;-)): How about a blog post why Lenovo is leaving the field of preinstalled Suse Linux to HP?
Not that we could (and will anyway) not do the installation ourselves with the distro of choice, but than Lenovo would give more than a damn on Linux friendly hardware, and perhaps portation of features like hot-switchable graphics to Linux.
May 6th, 2009 2:34 am
Matt, i just read the link you posted in your comment. For me it sounds as if Lenovo has not taken “a great step forward” but just done a lot of effort to keep the level:
cite from robgalbraith: “On balance, it’s [the W700's] the best laptop display we’ve ever seen, rivaled only by the ThinkPad T60 and its 1400 x 1050 pixel FlexView display from a couple of years ago.”
The key for me is “from a couple of years ago”. Sad it is.
btw: why is there no quality screen option for really portable Thinkpad models? (I ran around for one week on a conference with an A31p, 3.8kg is not portable.)
ok, that’s it from me
Hecke
May 6th, 2009 11:29 pm
a) Where’s the download?
b) Will this be available on the T61?
c) Is there some reason it doesn’t use some sort of challenge/response scheme instead of an “emergency password”? That would obviate the need for changing the emergency password after giving it to the user (as mentioned in the video).
June 1st, 2009 2:42 pm
I just entered this into the search on the Lenovo Homepage and found: nothing.
- Is this product available and if so … where can we find it?
January 4th, 2010 9:36 pm
Will harware password manager work with Windows 7?