How-to: Boot Authentication for TeraStation
This article applies to TS5000, TS3010, and TS5010 series TeraStations. The required windows utility is available here.
The boot authentication system is designed to prevent a TeraStation from being used in an unauthorized environment. In other words, if the TeraStation is stolen it cannot be accessed unless the authentication server is present. Please refer to the User's Manual for your model TeraStation for more information.
When this feature is enabled on the TeraStation, during the boot process it will look for a designated server running the authentication software. The authentication software is a Windows utility running on a server or other Windows system that is available at all times. If the authentication server is not found, the TeraStation will boot but the user interface and shares will not be accessible.
- The Boot Authentication Tool is a utility that runs as a service in Windows. It should be installed on a Windows system that is available at all times. Once the tool is installed and running it will appear in the system tray:
- As with most system tray utilities, right-clicking the icon will give you a menu:
- The utility itself has two tabs. The first tab, "Managed Devices", should show authenticated TeraStations:
- The "Options" tab will allow you to change the TCP port used by the utility as well as giving the option to block a TeraStation whose status shows "Warning":
NOTE: Boot authentication and iSCSI cannot co-exist, therefore a TeraStation set up with iSCSI can't be configured for boot authentication and a TeraStation with boot authentication configured cannot be set up to use iSCSI! If you attempt to turn on boot authentication on a unit already configured for iSCSI they will get the following message:
- A new option will added to the TeraStation user interface on the "Management" tab. It should be listed as "Boot Authentication":
- This will let you configure several options. Note: Setting the security level to "high" means that if you attempt a manual authorization with the wrong passcode three times the TeraStation can no longer be authorized manually!
WARNING! When this option is activated, the drives WILL BE formatted!! Any data already on the unit will be ERASED!!
Once the option is enabled all drives will be encrypted and the TeraStation will search for the pre-configured Boot Authorization Server during the boot process. If the TeraStation cannot locate the Boot Authorization Server the following message will be displayed on the LCD with a red background (TS3010 series units do NOT have an LCD!):
- If someone attempts to access the user interface on a TeraStation that is unable to properly authenticate against the authentication server the following screen will be displayed:
It is possible to perform a manual authentication in the event that the TeraStation is unable to communicate with the authentication server. In order to do so you must have access to the server running the boot authentication utility.
To perform a manual authentication, perform the following steps:
- Open the Boot Authentication tool on the Windows server, right-click the target TeraStation and click "Decrypt Passcode".
- Enter the decryption key provided by the TeraStation and click "decrypt":
- This will return a 20 digit passcode:
That code can be entered into the TeraStation user interface to authenticate the TeraStation manually.
It is recommended that the tool be backed up whenever a new system is added. To accomplish this follow these steps:
- In the boot authentication tool, click "File" and then "Export Devices"
- Give the file a descriptive name and save it in a location that will be backed up and that can be easily located if necessary.
Would you like to learn more about our solutions? Join our email list! Benefits include:
First access to free webinars and giveaways
Invitations to special events
Updates and information on our products