Setup Guide

Contents
4 Enable OpenManage Secure Enterprise Key Manager (SEKM) on Dell EMC PowerEdge Servers
Contents
Revisions............................................................................................................................................................................. 2
Acknowledgements ............................................................................................................................................................. 3
Contents .............................................................................................................................................................................. 4
Executive summary ............................................................................................................................................................. 6
1 KeySecure Classic (k150v) .......................................................................................................................................... 7
1.1 Prerequisites for KeySecure Classic .................................................................................................................. 7
1.2 Set up SEKM on KeySecure Classic .................................................................................................................. 7
1.3 Set up SEKM on iDRAC ..................................................................................................................................... 8
1.4 Configure SEKM by using the iDRAC GUI ......................................................................................................... 9
1.4.1 Get the CSR file signed on KeySecure Classic ................................................................................................ 10
1.4.2 Download the server CA file from KeySecure Classic and upload to iDRAC .................................................. 14
1.4.3 Configure the Key Management Server (KMS) settings on iDRAC ................................................................. 15
2 Enable SEKM by using the iDRAC PERC ................................................................................................................. 17
2.1 Ensure that SEKM is enabled on iDRAC PERC .............................................................................................. 19
3 Thales Data Security Manager (DSM) ....................................................................................................................... 20
3.1 Prerequisites for Thales Data Security Manager (DSM) .................................................................................. 20
3.2 Set up SEKM on Thales DSM .......................................................................................................................... 20
3.2.1 Add a new host in Thales Vormetric Data Security Manager ........................................................................... 20
3.2.2 Set up SEKM on iDRAC ................................................................................................................................... 21
3.2.3 Configure SEKM by using the iDRAC GUI ....................................................................................................... 21
3.2.4 Get for a CSR file to be signed by an external certificate authority .................................................................. 22
3.2.5 Upload the signed CSR to Thales DSM ........................................................................................................... 24
3.2.6 Download the Root CA that has signed the Thales DSM appliance and upload to iDRAC ............................. 25
3.3 Configure the Key Management Server (KMS) settings on iDRAC ................................................................. 28
3.3.1 Enable SEKM on the iDRAC PERC ................................................................................................................. 28
3.3.2 Ensure SEKM is enabled on iDRAC PERC ..................................................................................................... 31
3.3.3 Viewing Key ID on Thales DSM ....................................................................................................................... 31
4 Next Generation KeySecure (k170v) ......................................................................................................................... 32
4.1 Prerequisites for Next Generation KeySecure ................................................................................................. 32
4.2 Set up SEKM on Next Generation KeySecure ................................................................................................. 32
4.2.1 Configure Auto-Client Registration ................................................................................................................... 32
4.2.2 Configure KMIP Interface ................................................................................................................................. 36
4.2.3 Create a user that represents the iDRAC on the Next Generation KeySecure ............................................... 41
4.3 Set up SEKM on iDRAC ................................................................................................................................... 43
4.4 Configure SEKM by using the iDRAC GUI ....................................................................................................... 43