Configuring the connection settings to the key management server

Configure the connection settings to the key management server to set up the key management server and to back up the data encryption license keys to the key management server.

For more information, see Settings in the Edit Encryption Environmental Settings window and Backing up keys to a key management server.

To connect to the key management server by host name instead of IP address, send the IP address of the DNS server to your service representative and request that the service representative configure the SVP.

If the key management server is unavailable after you complete this task, the settings may be incorrect. Contact the server or network administrator.

Prerequisites

• Required role: Security Administrator (View & Modify)

1. In Hitachi Command Suite:

1. On the Resources tab, click Storage Systems, and then expand All Storage Systems.

2. Expand the target storage system, and then select Encryption Keys.

In Device Manager - Storage Navigator:

1. Display the Device Manager - Storage Navigator main window.

2. Select Administration in Explorer, and select Encryption Keys.

2. Select the Encryption Keys tab.

3. Click Edit Encryption Environmental Settings.

4. In the Edit Encryption Environmental Settings window, select Enable or Disable on the Key Management Server.

5. If you connect to the Key Management Server, specify the primary server and the secondary server.

6. If the key management server is already in use, select Check to test the connection. Error messages appear if the server configuration test fails.

7. Create an encryption key:

• To generate an encryption key on the key management server, select Generate Encryption Keys on Key Management Server. To store the encryption key on the key management server, select Protect the Key Encryption Key on the Key Management Server, then I Agree.

 If you have selected Protect the Key Encryption Key on the Key Management Server in Generate Encryption Keys on Key Management Server, the storage system will try to get encryption keys backed up on the key management server once the storage system is turned on. Therefore, it is recommended that you confirm that the SVP is connected to the key management server properly before turning the storage system on.

• To generate an encryption key on the key management server without creating an encryption key in the storage system, select Disable Local Key Generation. Confirm the Warning that displays and select I Agree.

 When you select the Disable local key generation and I Agree check-boxes in Generate Encryption Keys on Key Management Server and finished the settings, you cannot undo this action.

8. To backup data encryption license keys to the key management server, click Next. Otherwise, click Finish.

9. In the Confirm window, confirm the settings, and enter your task name in Task Name.

If you want the Tasks window to open after you click Apply, select Go to tasks window for status.

Click Apply.

The connection to the key management server is set up.

Related topics

• Edit Encryption Environmental Settings window

© 2015 Hitachi, Ltd. All rights reserved.