User's Manual
1. Go to the Manage Encryption key window and select the Enable Dell Key Management (DKM) Server radio button.
2. Click Apply Changes.
The controller Information/Configuration tab now displays Encryption Key Present as Yes and Encryption Mode as DKM.
Rekeying the Encryption Key
To change the DKM key:
1. Go to the Manage Encryption key window and select the Change Encryption Key (DKM) radio button.
2. Click Apply Changes.
Deleting the Encryption Key
To delete the encryption key:
1. Go to the Manage Encryption key window and select the Select this radio Button to delete the Encryption Key option.
2. Click Apply Changes.
The controller Information/Configuration tab now displays Encryption Key Present as No and Encryption Mode as None.
Enabling LKM
Creating an Encryption Key
To create an Encryption Key on the selected controller:
1. Select the Enable Local Key Management (LKM) option.
2. Enter an Encryption Key Identifier.
An Encryption Key Identifier can contain numerals, lowercase alphabets, uppercase alphabets, non-alphanumeric characters, or a combination of any of
these.
3. Enter a Passphrase.
A Passphrase must contain at least one numeral, one lowercase alphabet, one uppercase alphabet, and one non-alphanumeric character (except
space.)
4. If you want to save the Encryption Key credentials in a file on the system where Distributed Web Server is running, select the Escrow check box. You
can use this file for future reference.
The Path field is displayed. Enter the path where you want to save the file. The path should contain a file name with an .xml extension. The file is saved
with details such as SAS address, Encryption Key Identifier, Passphrase, and modified date.
5. Select the check-box indicating that you understand the implications of using a Passphrase and click Apply Changes.
In the controller Information/Configuration sub-tab, the Encryption Key Present is set to Yes and the Encryption mode is set to LKM.
NOTE: The Enable Dell Key Management (DKM) option is available only when the system is running a DKM-capable BIOS and iDRAC firmware.
NOTE: For the Encryption Key Identifier and Passphrase guidelines, click the i icon on the screen.
NOTE: Server Administrator Storage Management provides a suggested Passphrase below the Passphrase text box.
CAUTION: It is important to understand that if you lose the Passphrase, you cannot recover it. If you move the physical disks associated with the
lost Passphrase to another controller or if the controller fails or is replaced, you cannot access data from that disk.
NOTE: If Encryption Key Identifier or Passphrase contains special characters such as & , " , < , and > , in the file, they are written as & ,
" , < and > respectively.
NOTE: If the system crashes while saving the file, the backup file is saved in the specified location.