Fujitsu DX440 S2 Computer Drive User Manual


  Open as PDF
of 1066
 
Chapter 11 System Management
11.2 Functions in the Action Area for System
ETERNUS Web GUI User’s Guide
Copyright 2013 FUJITSU LIMITED P2X0-1090-10ENZ0
849
11.2.6.9 Update SED Authentication Key
This function updates the key in the key group. Updating of the key is performed in the following ways:
When no key is registered in the key group, a key that has not expired is obtained from the key server.
When the key is valid and has not expired, this key is replaced with a new key from the key server.
The ETERNUS DX Disk storage system monitors the key on a regular basis and automatically replaces an
expired key with a new key. This function is used when a new key is required before the key expiration date
has been reached because the user loses the SEDs that were disconnected for maintenance. This function asks
whether to use the current key again when replacing the key.
The procedure to update a key in the key group is as follows:
Procedure
1 Click [Update SED Key] in [Action].
Replacing a key is only available when the master server is registered. Check the registration status of the
master server in the [Key Group] screen. To replace the key, register the master server in advance. Refer to
"11.2.6.8 Modify Key Group" (page 845)
for details.
The key is updated only when communication with the master server is normal.
If no key is registered in the key group, an error occurs when the first update of the key is performed. In
this case, register the SSL certificate of the ETERNUS DX Disk storage system in the key server, accept
access from the ETERNUS DX Disk storage system, and then update the key again. The key status changes
to "Normal". An SSL certificate of the ETERNUS DX Disk storage system indicates a "self-signed SSL certifi-
cate" or an "SSL server certificate".
The key can only be updated when the SEDs that configure the RAID groups in the key group are in the
normal status. If there are SEDs without normal status in the RAID group, make sure to perform
maintenance for these SEDs in advance. If the key is updated before required maintenance is performed
for the SEDs, the RAID group status changes to " Exposed" and updating of the key for the RAID group
is not complete (the key status of the key group is not changed from "Modifying"). Updating of the key is
complete after performing the SED maintenance and the status of all the RAID groups has returned to
" Available" (the key status of the key group has changed to "Normal").
If the RAID groups in the key group are blocked (the status is " SED Locked"), the RAID group status is
not changed to " Available" even after the key is updated. Make sure to recover SEDs before updating
the key. Refer to "6.2.9 Recovery SED" (page 197)
for details.
When "Disabled Key" is selected for "Current Key", make sure to compromise (*1) the key in the key server
by using CLI for the key server. Note that GUI for the key server does not support the key compromising
function.
*1: The key becomes unavailable in the key server.
This function can be used to replace a key when the expiration date of the key is set to "Unlimited".
This function can also be used to update the key in a key group in which no RAID groups are registered.