Manualshelf

User's Manual

ManualsBrandsDell ManualsMotherboardsOpenManage Server Administrator Version 7.4
919293949596979899100
4. If you want to save the Encryption Key credentials in a file on the system where Distributed Web
Server is running, select the Escrow check box.
The Path field is displayed. Provide the path where you want to save the file. The path should contain
a filename with an .xml extension. The saved file contains the information: SAS address, Encryption
Key Identifier, Passphrase, and modified date. You can use this file for future reference.
CAUTION: It is important to understand that if you lose the Passphrase, you cannot recover
it. If you move the physical disks associated with the lost Passphrase to another controller or
if the controller fails or is replaced, you cannot access data from that disk.
NOTE: If Encryption Key Identifier or Passphrase contain special characters such as & , " , <,
and >, in the file, they are written as &amp; , &quot;, &lt; and &gt; respectively.
NOTE: If the system crashes while saving the file, the backup file is saved in the specified
location.
5. Select the check-box indicating that you understand the implications of using a passphrase and click
Apply Changes.
In the controller Information/Configuration page, the Encryption Key Present is set to Yes and the
Encryption mode is set to LKM.
Changing Or Deleting The Encryption Key
You can change an encryption key of a controller if the controller already has a configured encryption
key. You can delete an encryption key for encrypted controllers only if there are no encrypted virtual
disks.
To change the encryption key, type the New Encryption Key Identifier and Passphrase. You are
prompted to authenticate the current Passphrase. Ensure that you read the note on the importance of
passphrase and consequences of not saving the same, before applying the changes.
When you change the encryption key, the existing configuration on the controller is updated to use the
new encryption key. If you have removed any of the encrypted drives previously, you must authenticate
with the old passphrase to import the encrypted drives.
When changing the encryption key, you can also save or update the new encryption key credentials to a
file in the system where Distributed Web Service is running. Select the Escrow check box. If you have
already saved the encryption key credentials for a controller, providing the path of the file updates the
credentials for that controller. If the credentials are for a new controller, the details are appended in the
same file.
If you have not saved the credentials to a file, you can provide the path on which the file must be saved.
The path must contain a filename with an .xml extension. On applying changes, this file is created with
the credentials.
If you delete the encryption key, you cannot create encrypted virtual disks and all encrypted
unconfigured self-encrypting drives are erased. However, deleting an encryption key does not affect
encryption or data in foreign disks. If you have saved the encryption key credentials to a file, deleting the
encryption key does not delete the file. Managing the file is the responsibility of the administrator.
Managing The Encryption Key
NOTE: To configure encryption, SED is not required. The encryption settings are used to configure
the virtual disk and the SED.
NOTE: On controller when encryption is disabled, manually enable encryption for virtual disks
created using SED drives. If the virtual disk is created after encryption is enabled on a controller, the
virtual disk is automatically encrypted, it will automatically be configured as an encrypted virtual disk
unless the enabled encryption option is disabled during the advance configuration virtual disk
creation.
93