Filter
Top Products
Chapter 11 System Management
11.2 Functions in the Action Area for System
ETERNUS Web GUI User’s Guide
Copyright 2013 FUJITSU LIMITED P2X0-1090-10ENZ0
832
11.2.6.1 Required Settings for the Key Management Function
Security on preventing the leakage of information can be improved by storing the key for Self Encrypting Drive
(SED) authentication in an external secure place (key server), and updating the key regularly.
■ Required settings for the key management function
This section describes preparation that needs to be performed before using the key management function,
how to check the key status, and how to perform key group settings for RAID groups.
Perform the required settings in the following order.
● Preparation
(1)Register SED authentication key
Register the key (common key) that is managed in the ETERNUS DX Disk storage system.
Refer to "11.2.13.7 Register SED Authentication Key" (page 944)
for details.
If the common key is used to manage all of the SEDs in the ETERNUS DX Disk storage system, the
required settings for key management are complete.
To manage the key in the key server, perform the following procedures ("(2) Create self-signed SSL
certificate" (page 832) onward).
RAID groups that use the common key and RAID groups that use the key in the key server (RAID groups
that are registered in the key group) can be used in the same storage system.
(2)Create self-signed SSL certificate
To establish communication between the ETERNUS DX Disk storage system and the key server, create a
self-signed SSL certificate as the SSL certificate of the ETERNUS DX Disk storage system.
Refer to "11.2.3.15 Create Self-signed SSL Certificate" (page 787)
.
• If an SED is installed without registering the common key, rebooting the ETERNUS DX Disk storage
system is required after registering the key.
• The common key setting cannot be changed or deleted.
• The "Register SED Authentication Key" function can only be used once. If an SED authentication key
is already registered in the "Register SED Authentication Key" screen of the initial setup, this
operation is not required. Use the [System Settings] screen to check whether the SED
authentication key is already registered. Refer to "11.1.12 System Settings" (page 731)
for details.
• Even if a self-signed SSL certificate has already been created and registered, perform the [Create
Self-signed SSL Certificate] function again. Since the self-signed SSL certificate has changed,
reregistration to the ETERNUS DX Disk storage system is required. Refer to "Appendix C Installing
the Security Certificate" (page 981) for details.
• A "self-signed SSL certificate" or an "SSL server certificate" can be used as the SSL certificate of the
ETERNUS DX Disk storage system. Refer to "11.2.3.16 Create Key/CSR" (page 790)
and "11.2.3.17
Register SSL Certificate" (page 795) for details.