Manualshelf

Users Guide

ManualsBrandsDell ManualsActive System ManagerOpenManage Server Administrator Version 9.3
61626364656667686970
Encryption Key Identier
An Encryption Key Identier is a user-supplied text label for the Passphrase. The identier helps you determine which Passphrase to
provide while authenticating import of foreign encrypted SED drives.
Passphrase
A Passphrase is a user supplied string that the controller uses to create the encryption key.
NOTE
: For more information on Encryption Key and Passphrase guidelines, click the icon on the Manage Encryption Key
page.
Creating An Encryption Key And Enabling LKM
To create an encryption key on the selected controller:
1 Select the Enable Local Key Management (LKM) option.
2 Type Encryption Key Identier.
An Encryption Key Identier can contain numerals, alphabets both lower and upper case are allowed, non-alphanumeric characters,
or a combination of any of these.
NOTE: For the Encryption Key Identier and Passphrase guidelines, click the icon on the page.
3 Type a Passphrase.
A Passphrase must contain at least one numeral, alphabets both lower and upper case are allowed, and one non-alphanumeric
character (except space).
NOTE
: Server Administrator Storage Management provides a suggested passphrase below the Passphrase text box.
4 If you want to save the Encryption Key credentials in a le on the managed node, select the Escrow check box.
The le is saved in the location C:\Windows for Microsoft Windows operating system and /var/log for Linux and ESXi operating
system which contains a lename as dellemc_<ControllerModel>_<SASAddress>.xml. The saved le contains the information: SAS
address, Encryption Key Identier, Passphrase, and modied date. You can use this le for future reference.
CAUTION
: It is important to understand that if you lose the Passphrase, you cannot recover it. If you move the physical
disks associated with the lost Passphrase to another controller or if the controller fails or is replaced, you cannot access
data from that disk.
NOTE: If Encryption Key Identier or Passphrase contain special characters such as & , " , <, and >, in the le, they are
written as &amp; , &quot;, &lt; and &gt; respectively.
NOTE: If the system crashes while the le is created, the backup le is saved in the specied
location.
5 Select the check-box indicating that you understand the implications of using a passphrase and click Apply Changes.
In the controller Information/Conguration page, the Encryption Key Present is set to Yes and the Encryption mode is set to LKM.
Changing Or Deleting The Encryption Key
You can change an encryption key of a controller if the controller already has a congured encryption key. You can delete an encryption key
for encrypted controllers only if there are no encrypted virtual disks.
Controllers
69