Manualshelf

Deployment Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption
21222324252627282930
26 Configuration Guide
4
Go to <add key="epw" value="<encrypted value of the password>" /> and change "epw" to "password". Then change
"<encrypted value of the password>" to the password of the user from Step 3. This password is re-encrypted when the
Server restarts.
If using "superadmin" in Step 3, and the superadmin password is not "changeit", it must be changed here.
5
Save your changes and close the file.
Sample Configuration File:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="port" value="8050" />
[Which TCP port the Server will listen to. Default is 8050, change if needed.]
<add key="maxConnections" value="2000" />
[How many active socket connections the Server will allow.]
<add key="url" value="https://keyserver.domain.com:8081/xapi" />
[Device Server URL. If your Enterprise
Server is v7.7 or later, the format is https://keyserver.domain.com:8443/xapi/ -- if your Enterprise Server is pre-v7.7,
the format is https://keyserver.domain.com:8081/xapi (without the trailing forward slash.]
<add key="verifyCertificate" value="false" />
[True verifies certs/set to false to not verify or if using self-signed
certs]
<add key="user" value="superadmin" />
[User name used to communicate with the Device Server. This user
must have the Forensic Administrator type selected in the Remote Management Console. The "superadmin"
format can be any method that can authenticate to the Server. The SAM account name, UPN, or
domain\username is acceptable. Any method that can authenticate to the Server is acceptable because validation
is required for that user account for authorization against Active Directory. For example, in a multi-domain
environment, only entering a SAM account name such as "jdoe" will likely will fail because the Server will not be
able to authenticate "jdoe" because it cannot find "jdoe". In a multi-domain environment, the UPN is
recommended, although the domain\username format is acceptable. In a single domain environment, the SAM
account name is acceptable.]
<add key="cacheExpiration" value="30" />
[How often (in seconds) the Service should check to see who is
allowed to ask for keys. The Service keeps a cache and keeps track of how old it is. Once the cache is older than the
value (in seconds) it gets a new list. When a user connects, the Key Server needs to download authorized users
from the Device Server. If there is no cache of these users, or the list has not been downloaded in the last "x"
seconds, it will be downloaded again. There is no polling, but this value configures how stale the list can become
before it is refreshed when it is needed.]
<add key="epw" value="encrypted value of the password" />
[Password used to communicate with the Device
Server. If the superadmin password has been changed, it must be changed here.]
</appSettings>
</configuration>
Windows Service Instructions
1
Go back to the Windows Service panel.
2
Restart
the Dell Key Server Service.
3
Navigate to <Key Server install dir> log.txt to verify that the Service started properly.
4
Close the Windows Service panel.