Manualshelf

Setup Guide

ManualsBrandsDell ManualsConverged InfrastructureSecurity Solution Resources
12345678910
KeySecure Classic (k150v)
7 Enable OpenManage Secure Enterprise Key Manager (SEKM) on Dell EMC PowerEdge Servers
1 KeySecure Classic (k150v)
1.1 Prerequisites for KeySecure Classic
Before you start setting up iDRAC SEKM support, you must first ensure that the following prerequisites are
fulfilled. Else, you cannot successfully set up SEKM.
PowerEdge Server Prerequisites
iDRAC SEKM license installed
iDRAC Enterprise license
iDRAC updated to the firmware version which supports SEKM
PERC updated to the firmware version which supports SEKM
Key Management Server (KMS) Prerequisites
Set up a valid CA to sign iDRAC CSR
A user account that represents the iDRAC on the KMS (For Gemalto, this means having the associated
connector license)
Authentication settings on the KMIP Service of the KMS
1.2 Set up SEKM on KeySecure Classic
This section describes the Gemalto KeySecure features that are supported by iDRAC. For information about
all other KeySecure features, see the KeySecure Appliance Administration Guide available on the Gemalto
support site: https://support.thalesgroup.com
.
SSL Certificate
When creating an SSL certificate request, you must include the IP address of the key management server in
the Subject Alternative name field.
The IP address must be given in the format listed below:
IP:xxx.xxx.xxx.xxx
Users and groups
It is recommended that you create a separate user account for each iDRAC on the KMS. This enables you to
protect the keys created by an iDRAC from being accessed by another iDRAC. If the keys require to be
shared between iDRACs then it is recommended to create a group and add all iDRAC usernames that must
share keys to that group.
Authentication
The authentication options supported by the KeySecure KMS are as shown in the sample screen shot:
Authentication settings on Gemalto