Enabling external key management in ONTAP 9.5 and earlier

You can use one or more KMIP servers to secure the keys the cluster uses to access encrypted data. You can connect up to four KMIP servers to a node. A minimum of two servers is recommended for redundancy and disaster recovery.

Before you begin

About this task

ONTAP configures KMIP server connectivity for all nodes in the cluster.

Steps

  1. Configure key manager connectivity for cluster nodes: security key-manager setup
    The key manager setup wizard opens.
  2. Enter the appropriate response at each prompt.
  3. Add a KMIP server: security key-manager add -address key_management_server_ipaddress
    Example
    cluster1::> security key-manager add -address 20.1.1.1
  4. Add an additional KMIP server for redundancy: security key-manager add -address key_management_server_ipaddress
    Example
    cluster1::> security key-manager add -address 20.1.1.2
  5. Verify that all configured KMIP servers are connected: security key-manager show -status
    For complete command syntax, see the man page.
    Example
    cluster1::> security key-manager show -status
    
    Node            Port      Registered Key Manager  Status
    --------------  ----      ----------------------  ---------------
    cluster1-01     5696      20.1.1.1                available
    cluster1-01     5696      20.1.1.2                available
    cluster1-02     5696      20.1.1.1                available
    cluster1-02     5696      20.1.1.2                available
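
The following script is an added example, not NetApp code. It audits captured `security key-manager show -status` output against the guidance above: every node should reach at least two KMIP servers, and no node can have more than four. The function names, the `expected_nodes` parameter and the "not responding" status text in the sample are assumptions; only "available" appears on this page.

```python
from collections import defaultdict

# Constructed sample: the page's status table with one server made
# unreachable on cluster1-02 ("not responding" is an assumed status string).
SAMPLE = """\
Node            Port      Registered Key Manager  Status
--------------  ----      ----------------------  ---------------
cluster1-01     5696      20.1.1.1                available
cluster1-01     5696      20.1.1.2                available
cluster1-02     5696      20.1.1.1                available
cluster1-02     5696      20.1.1.2                not responding
"""

MIN_SERVERS, MAX_SERVERS = 2, 4  # redundancy minimum; per-node limit

def parse_status(text):
    """Return {node: [(server, port, status), ...]} from the status table."""
    nodes = defaultdict(list)
    for line in text.splitlines():
        parts = line.split(None, 3)
        # Skip blank lines, the header, the dashed rule and prompt lines.
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        node, port, server, status = parts
        nodes[node].append((server, int(port), status.strip().lower()))
    return dict(nodes)

def audit(text, expected_nodes=()):
    """Return a sorted list of findings; an empty list means the check passed."""
    nodes = parse_status(text)
    findings = []
    for node in expected_nodes:
        if node not in nodes:  # a node absent from the table has no key server
            findings.append(f"{node}: no key manager rows in output")
    for node, rows in nodes.items():
        up = [server for server, _, status in rows if status == "available"]
        for server, _, status in rows:
            if status != "available":
                findings.append(f"{node}: {server} is '{status}'")
        if len(up) < MIN_SERVERS:
            findings.append(f"{node}: {len(up)} available server(s), want >= {MIN_SERVERS}")
        if len(rows) > MAX_SERVERS:
            findings.append(f"{node}: {len(rows)} servers configured, limit is {MAX_SERVERS}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE, expected_nodes=["cluster1-01", "cluster1-02"]):
        print(finding)
```

Passing the cluster's node names as `expected_nodes` catches a node that is missing from the table entirely, which a row-by-row check would not report.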