Edit Encryption Environmental Settings window

After the encryption environmental settings are configured for the first time during installation, items in the Edit Encryption Environmental Settings window can be changed under the following conditions:

  • When the key management server is not in use.
  • When local key generation is disabled.
  • When the key encryption key for the key management server is stored on the storage system.
  • When the Enable Encryption Key Regular Backup to Key Management Server option is enabled and you need to change the regular backup schedule or user.

Item

Description

Key Management Server

Select whether to use the key management server. By default, no option is selected.

  • Enable: Key management server is used.
  • Disable: Key management server is not used.

Server Settings

When you select Enable for Key Management Server, the following items are displayed:

  • Primary server
  • Secondary server
  • Server Configuration Test

Primary Server

Specify the primary server information.

  • Host Name: Select the method used to identify the host (Identifier, IPv4, or IPv6), and then enter the information:
    • If you selected Identifier, enter the identifier for the host.
    • If you selected IPv4, enter the IPv4 address of the host.
    • If you selected IPv6, enter the IPv6 address of the host.
  • Port Number: Enter the port number of the key management server (range = 1 to 65535, default = 5696).
  • Timeout (sec.): Enter the time (in seconds) until the connection attempt to the key management server times out (range = 1 to 999, default = 60).
  • Retry Interval (sec.): Enter the interval to retry the connection to the key management server (range = 1 to 60, default = 1).
  • Number of Retries: Enter the number of times to retry the connection to the key management server (range = 1 to 50, default = 3).
  • Client Certificate File Name: Enter the client certificate file for connecting to the key management server by clicking Browse and selecting the file. The format of the client certificate is PKCS#12. For details about the client certificate file, contact the server administrator or the network administrator.
    • Password: Enter the password for the client certificate.

      Number of characters: 0 to 128

      Valid characters: numbers (0 to 9), upper case letters (A-Z), lower case letters (a-z), symbols: ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

  • Root Certificate File Name: Enter the root certificate file for connecting to the key management server by clicking Browse and selecting the file. The format of the root certificate is X.509. For details about the root certificate file, contact the server administrator or the network administrator.

Secondary Server

If you are using a secondary key management server, select Enable and then specify the settings for the secondary server: Host Name, Port Number, Timeout (sec.), Retry Interval (sec.), Number of Retries, Client Certificate File Name, Root Certificate File Name.

Note: If you want to select Protect the Key Encryption Key at the Key Management Server, Delete Internal Encryption Keys at PS OFF, or Disable local key generation, you must select Enable for Secondary Server.

Server Configuration Test

Select Check to start a server connection test for the key management server based on the specified settings.

Result: Displays the result of the server connection test for the key management server.

Enable Encryption Key Regular Backup to Key Management Server

Select this option to enable regular encryption key backup operations on the key management server. This item cannot be selected if Disable is selected for Key Management Server.

  • Regular Backup Time: Select the time, or times, you want to back up encryption keys. Check Select All to schedule hourly backups.
  • Regular Backup User Name: Enter the user name of the regular backup user.
  • Password: Enter the password of the regular backup user.

Caution: If the user account of the regular backup user is deleted, you must enter a new regular backup user on this window. If not, regular backups will not be performed. If the user account of the regular backup user is edited (for example, changing the password or roles), you must re-enter the user name and password of the regular backup user on this window. If not, regular backups will not be performed.

Generate Encryption Keys on Key Management Server

Select this option if you want to create encryption keys on the key management server.

Note: If you want to select Protect the Key Encryption Key at the Key Management Server, Delete Internal Encryption Keys at PS OFF, or Disable local key generation, you must select Generate Encryption Keys on Key Management Server.

Protect the Key Encryption Key at the Key Management Server

Select this option if you want to save the key encryption keys on the key management servers.

Note: To enable this option, you must read the Warning and confirm the content of the warning by selecting I agree.

Delete Internal Encryption Keys at PS OFF

Select this option if you want to save the encryption keys in the key management server and delete the encryption keys in the storage system when the storage system is powered off. This option can be selected only when Enable is selected for Secondary Server and when the Protect the Key Encryption Key at the Key Management Server option is enabled.

Note: To enable this option, you must read the Warning and confirm the content of the warning by selecting I agree.

Disable local key generation

Select this option if you want to create encryption keys only on the key management server and not on the storage system. This option can be selected only when Enable is selected for Secondary Server and when the Protect the Key Encryption Key at the Key Management Server option is enabled.

Note: To enable this option, you must read the Warning and confirm the content of the warning by selecting I agree.

Caution: If you enable this option and apply the setting to the storage system, you will not be able to undo this action or restore the settings.

Initialize Encryption Environmental Settings

Select to initialize the encryption environmental settings.
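A pre-flight check of a planned configuration against the field ranges, password character set and option dependencies described in the table above. This is an added example, not vendor code; the function names and dictionary keys are hypothetical and do not correspond to any product interface.

```python
import ipaddress
import string

# Dict keys (host_type, protect_kek, ...) are hypothetical names for this example.
# Numeric ranges (min, max, default) and password characters as listed on the page.
RANGES = {"port": (1, 65535, 5696), "timeout_sec": (1, 999, 60),
          "retry_interval_sec": (1, 60, 1), "retries": (1, 50, 3)}
PASSWORD_CHARS = set(string.ascii_letters + string.digits
                     + "!#$%&'()*+,-./:;<=>?@[\\]^_`{|}~")
DEPENDENT = ("protect_kek", "delete_keys_at_ps_off", "disable_local_keygen")

def check_server(name, srv):
    errs = []
    for key, (lo, hi, default) in RANGES.items():
        value = srv.get(key, default)  # an omitted field keeps the documented default
        if not isinstance(value, int) or not lo <= value <= hi:
            errs.append(f"{name}: {key}={value!r} is outside {lo} to {hi}")
    kind, host = srv.get("host_type"), srv.get("host", "")
    try:  # Identifier needs a non-empty value; IPv4/IPv6 must parse as that family
        ok = kind == "Identifier" and bool(host)
        ok = ok or ipaddress.ip_address(host).version == {"IPv4": 4, "IPv6": 6}[kind]
    except (ValueError, KeyError):
        ok = False
    if not ok:
        errs.append(f"{name}: host {host!r} does not match type {kind!r}")
    pw = srv.get("p12_password", "")  # 0 to 128 characters from the listed set
    if len(pw) > 128 or not set(pw) <= PASSWORD_CHARS:
        errs.append(f"{name}: client certificate password is not accepted")
    return errs

def check_plan(plan):
    kms, secondary = plan.get("kms_enabled", False), plan.get("secondary")
    errs = check_server("primary", plan.get("primary") or {}) if kms else []
    if kms and secondary:
        errs += check_server("secondary", secondary)
    if not kms and plan.get("regular_backup"):
        errs.append("regular_backup: Key Management Server must be Enable")
    for opt in (o for o in DEPENDENT if plan.get(o)):  # dependency notes in the table
        if not (kms and secondary):
            errs.append(f"{opt}: Secondary Server must be Enable")
        if not plan.get("generate_on_kms"):
            errs.append(f"{opt}: key generation on the server must be selected")
        if opt != "protect_kek" and not plan.get("protect_kek"):
            errs.append(f"{opt}: Protect the Key Encryption Key must be enabled")
    return errs

# Constructed sample: PS OFF key deletion planned without the options it depends on.
SAMPLE = {"kms_enabled": True, "generate_on_kms": True, "delete_keys_at_ps_off": True,
          "primary": {"host_type": "IPv4", "host": "192.0.2.10", "port": 70000}}
```

`check_plan(SAMPLE)` returns three findings: the out-of-range port, the missing secondary server, and the missing Protect the Key Encryption Key option. Running such a check before applying the settings matters most for Disable local key generation, which cannot be undone once applied.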