After the encryption environmental settings have been initialized during installation, the settings in the Edit Encryption Environmental Settings window can be changed only under the following conditions:
- When the key management server is not in use.
- When local key generation is disabled.
- When the key encryption key for the key management server is stored on the storage system.
- When you need to change the regular backup schedule or the regular backup user.

Item | Description |
---|---|
Key Management Server | Select whether to use a key management server. By default, no option is selected. Caution: If you select Enable, enter the key management server information, click Check for Server Configuration Test, and then verify that the connection test completes normally. |
Server Settings | When Enable is selected for Key Management Server, the following items are displayed: |
Primary Server | Specify the network connection information for the primary key management server. |
Secondary Server | If you are using a secondary key management server, select Enable and then specify the network connection information for the secondary server: Host Name, Port Number, Timeout (sec.), Retry Interval (sec.), Number of Retries, Client Certificate File Name, Root Certificate File Name. Note: You must enable the Secondary Server if you want to select any of these settings: Protect the Key Encryption Key at the Key Management Server, Delete Internal Encryption Keys at PS OFF, or Disable local key generation. |
Server Configuration Test | Select Check to start a network connection test for the key management server based on the specified settings. Result: Displays the result of the network connection test for the key management server. Caution: If you select Enable for Key Management Server, make sure to run the network connection test to the key management server. |
Enable Encryption Key Regular Backup to Key Management Server | Select this option to enable regular encryption key backup operations on the key management server. This item cannot be selected if Disable is selected for Key Management Server. Caution: If the user account of the regular backup user is deleted, you must enter a new regular backup user on this window. If not, regular backups will not be performed. If the user account of the regular backup user is edited (for example, changing the password or roles), you must re-enter the user name and password of the regular backup user on this window. If not, regular backups will not be performed. |
Generate Encryption Keys on Key Management Server | Select this option if you want to create encryption keys on the key management server. Note: If you want to select Protect the Key Encryption Key at the Key Management Server, Delete Internal Encryption Keys at PS OFF, or Disable local key generation, you must select Generate Encryption Keys on Key Management Server. |
Protect the Key Encryption Key at the Key Management Server | Select this option if you want to save the key encryption keys on the key management servers. Note: To enable this option, you must read the Warning and confirm the content of the warning by selecting I agree. |
Delete Internal Encryption Keys at PS OFF | Select this option if you want to save the encryption keys in the key management server and delete the encryption keys in the storage system when the storage system is powered off. This option can be selected only when Enable is selected for Secondary Server and when the Protect the Key Encryption Key at the Key Management Server option is enabled. Note: To enable this option, you must read the Warning and confirm the content of the warning by selecting I agree. |
Disable local key generation | Select this option if you want to create encryption keys only on the key management server and not on the storage system. This option can be selected only when Enable is selected for Secondary Server and when the Protect the Key Encryption Key at the Key Management Server option is enabled. Note: To enable this option, you must read the Warning and confirm the content of the warning by selecting I agree. Caution: If you enable this option and apply the setting to the storage system, you will not be able to undo this action or restore the settings. |
Initialize Encryption Environmental Settings | Initializes the encryption environmental settings on the storage system. |
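
The option dependencies in the table above can be checked before a change is applied. The following Python sketch is an added example, not vendor code: it resolves each option's prerequisites transitively and flags the setting that cannot be undone. The option names are hypothetical shorthand for the window's items, and the rule that Generate Encryption Keys on Key Management Server itself requires the key management server to be enabled is an assumption.

```python
# Added example: option names are hypothetical shorthand for the window's items.
REQUIRES = {
    "secondary_server": {"kms"},
    "regular_backup": {"kms"},
    "generate_keys_on_kms": {"kms"},  # assumption: not stated explicitly on the page
    "protect_kek_at_kms": {"secondary_server", "generate_keys_on_kms"},
    "delete_keys_at_ps_off": {"secondary_server", "generate_keys_on_kms",
                              "protect_kek_at_kms"},
    "disable_local_key_generation": {"secondary_server", "generate_keys_on_kms",
                                     "protect_kek_at_kms"},
}
NEEDS_AGREEMENT = {"protect_kek_at_kms", "delete_keys_at_ps_off",
                   "disable_local_key_generation"}
IRREVERSIBLE = {"disable_local_key_generation"}

def prerequisites(option, seen=None):
    """Return every option that must be enabled, directly or transitively."""
    seen = set() if seen is None else seen
    for dep in REQUIRES.get(option, ()):
        if dep not in seen:
            seen.add(dep)
            prerequisites(dep, seen)
    return seen

def check_plan(enabled, agreed=frozenset(), connection_test_passed=False):
    """Return a list of findings for a proposed set of enabled options."""
    enabled = set(enabled)
    unknown = enabled - set(REQUIRES) - {"kms"}
    findings = [f"ERROR {o}: unknown option" for o in sorted(unknown)]
    for opt in sorted(enabled - unknown):
        missing = sorted(prerequisites(opt) - enabled)
        if missing:
            findings.append(f"ERROR {opt}: also requires {', '.join(missing)}")
        if opt in NEEDS_AGREEMENT and opt not in agreed:
            findings.append(f"ERROR {opt}: warning not acknowledged (I agree)")
        if opt in IRREVERSIBLE:
            findings.append(f"WARN {opt}: cannot be undone once applied")
    if "kms" in enabled and not connection_test_passed:
        findings.append("ERROR kms: server configuration test has not completed normally")
    return findings

if __name__ == "__main__":
    # Constructed plan: skips Secondary Server and key encryption key protection.
    plan = {"kms", "generate_keys_on_kms", "disable_local_key_generation"}
    for line in check_plan(plan, connection_test_passed=True):
        print(line)
```
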