Edit Encryption Environmental Settings window

After the encryption environmental settings are configured for the first time during installation, items in the Edit Encryption Environmental Settings window can be changed under the following conditions:

  • When the key management server is not in use.
  • When local key generation is disabled.
  • When the key encryption key for the key management server is stored on the storage system.
  • When the Enable Encryption Key Regular Backup to Key Management Server option is enabled and you need to change the regular backup schedule or user.

Item

Description

Key Management Server

Select whether to use the key management server:

  • Enable: (default) key management server is used
  • Disable: key management server is not used

Server Setting

When you use the key management server, the following items display:

  • Primary server
  • Secondary server
  • Server Configuration test

Primary Server

Specify the primary server information.

  • Host Name: Enter the host name of the key management server.
      • Identifier: Enter the host identifier.
      • IPv4: Enter the host IPv4 address.
      • IPv6: Enter the host IPv6 address.
  • Port number: Enter the port number of the key management server. Values: 1 to 65535. Default: 5696.
  • Timeout (sec.): Enter the time until the connection attempt to the key management server times out. Values: 1 to 999. Default: 60.
  • Retry Interval (sec.): Enter the interval to retry the connection to the key management server. Values: 1 to 60. Default: 1.
  • Number of Retries: Enter the number of times to retry the connection to the key management server. Values: 1 to 50. Default: 3.
  • Client Certificate File Name: Select the client certificate file for connecting to the key management server. Click Browse and select the file.
  • Browse: Select the client certificate file. The format of the client certificate is PKCS#12. For information about the client certificate file, contact the server or network administrator. The file name appears in the Client Certificate File Name field.
  • Password: Enter the password for the client certificate.

    Character limits: 0 to 128.

    Valid characters:

      • Numbers: 0 to 9
      • Upper case: A-Z
      • Lower case: a-z
      • Symbols: ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

  • Root Certificate File Name: Select the root certificate file for connecting to the key management server. Click Browse and select the file.
  • Browse: Select the root certificate file. The form of the client certificate is X.509. If you do not know about the root certificate file, contact the server administrator or the network administrator. The name of the selected file appears in the Root Certificate File Name field.

Secondary Server

When the secondary server is set to Enable, the same settings can be specified as the primary server.

Note: You must select Enable for Secondary Server before you can select Protect the Key Encryption Key at the Key Management Server or Disable local key generation.

Server Configuration Test

Select Check to start a server connection test for the key management server based on the specified settings.

Check

Start a server connection test for the key management server based on the specified settings

Result

Shows the result of the server connection test for the key management server

Enable Encryption Key Regular Backup to Key Management Server

Select this option to enable regular encryption key backup operations on the key management server. This item cannot be selected if Disable is selected for Key Management Server.

Regular Backup Time

Select the time, or times, you want to back up encryption keys. Check Select All to schedule hourly backups.

Regular Backup User

Defines the regular backup user.

  • User Name: Enter the user name of the regular backup user.
  • Password: Enter the password of the regular backup user.

Caution: If the user account of the regular backup user is deleted, you must enter a new regular backup user on this window. If not, regular backups will not be performed. If the user account of the regular backup user is edited (for example, changing the password or roles), you must re-enter the user name and password of the regular backup user on this window. If not, regular backups will not be performed.

Generate Encryption Keys on Key Management Server

Checks when encryption keys are created on a key management server

Protect the Key Encryption Key at the Key Management Server

Specifies when key encryption keys are saved on key management servers. If Warning is displayed, confirm the content of the warning, and select I Agree.

Note: This item cannot be selected if Disable is selected for Secondary Server.

Delete Internal Encryption Keys at PS OFF

Select this option to save the encryption key in the key management server, and to delete the encryption key in the storage system when it is turned off. When you select this check box, Warning appears. Confirm the content of the warning, and select I Agree.

Note: When Disable is selected for Secondary Server, you cannot select the check box.

Disable local key generation

Specifies when encryption keys are created on the key management server and that encryption keys cannot be created on the storage system. If Warning is displayed, confirm the content of the warning, and select I Agree.

Caution: If you select this option and select I Agree when prompted, you will not be able to undo this action or restore the settings.

Note: This item cannot be selected if Disable is selected for Secondary Server.

Initialize Encryption Environmental Settings

Select to initialize the encryption environmental settings
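
The value ranges listed under Primary Server and the Secondary Server prerequisites in the notes above can be checked before a change is entered in the window. The following is an added example, not vendor code: the dictionary keys and the validate function are a hypothetical schema chosen for illustration, and the sample plan is constructed.

```python
import re

# Ranges and defaults as listed for Primary Server on this page.
RANGES = {
    "port": (1, 65535, 5696),
    "timeout_sec": (1, 999, 60),
    "retry_interval_sec": (1, 60, 1),
    "retries": (1, 50, 3),
}
# Allowed password characters: 0-9, A-Z, a-z and the listed symbols, that is
# printable ASCII except space and the double quote; length 0 to 128.
PASSWORD_RE = re.compile(r"[!#-~]{0,128}")
# Options the page says cannot be selected while Secondary Server is Disable.
NEEDS_SECONDARY = ("protect_kek_at_kms", "delete_internal_keys_at_ps_off",
                   "disable_local_key_generation")


def validate(plan):
    """Return a list of problems in a planned settings dict (hypothetical schema)."""
    problems = []
    kms_on = plan.get("kms_enabled", True)  # Enable is the default
    servers = [("primary", plan.get("primary", {}))] if kms_on else []
    if kms_on and plan.get("secondary_enabled"):
        servers.append(("secondary", plan.get("secondary", {})))
    for name, srv in servers:
        for field, (lo, hi, default) in RANGES.items():
            value = srv.get(field, default)
            if not (isinstance(value, int) and lo <= value <= hi):
                problems.append(f"{name}.{field}={value!r} outside {lo} to {hi}")
        if not PASSWORD_RE.fullmatch(srv.get("cert_password", "")):
            problems.append(f"{name}.cert_password has invalid length or characters")
    if plan.get("regular_backup") and not kms_on:
        problems.append("regular_backup requires Key Management Server = Enable")
    for option in NEEDS_SECONDARY:
        if plan.get(option) and not plan.get("secondary_enabled"):
            problems.append(f"{option} requires Secondary Server = Enable")
    return problems

# Constructed sample plan, not taken from a real system.
SAMPLE = {
    "kms_enabled": True,
    "primary": {"port": 5696, "timeout_sec": 1000, "cert_password": 'p"ss word'},
    "secondary_enabled": False,
    "disable_local_key_generation": True,
}

if __name__ == "__main__":
    for problem in validate(SAMPLE):
        print(problem)
```

Because selecting Disable local key generation cannot be undone, running such a check on the planned values before agreeing to the warning catches a missing secondary server early.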