Controller swap with external key management and all drives secured

If you swap both controllers in a dual-controller system, or one controller in a simplex system, are using an external security key, and all drives in the storage array are locked, you must reestablish communication with the external key management server to unlock access to the drives.

Before you begin

Procedure

  1. Select Settings > System.
  2. Under Connect to Key Server, enter information in the following fields:
    • Key management server address – Enter the fully qualified domain name or the IP address (IPv4 or IPv6) of the server used for key management.
    • Key management port number – Enter the port number used for the Key Management Interoperability Protocol (KMIP) communications. The most common port number used for key management server communications is 5696.
    • Select client certificate – Click the first Browse button to select the certificate file for the storage array's controllers.
    • Select key management server's server certificate – Click the second Browse button to select the certificate file for the key management server.
  3. Click Next.
  4. Click Finish.
    The system connects to the key management server with the credentials you entered. A copy of the security key is then stored on your local system.
    Note: The path for the downloaded file might depend on the default download location of your browser.
  5. Record the location of the downloaded key file, and then click Close.
    The page displays the following message with additional links for external key management:

    Current key management method: External

  6. Test the connection between the storage array and the key management server by selecting Test Communication.
    Test results display in the dialog box.
  7. Select Settings > System.
  8. Under Security key management, select Unlock Secure Drives.
    The Unlock Secure Drives dialog box opens.
  9. From the drop-down list in the first field (click the arrow on the far right), select the security key identifier that is associated with the drives you want to unlock.
    When you select an identifier, the associated drive information appears below the field and the Browse button becomes available. The drives are identified by shelf number, drawer number, and bay number.
  10. Click Browse, and then select the security key file that corresponds to the identifier.
    The key file you selected appears below the field.
  11. Enter the pass phrase associated with this key file.
    The characters you enter are masked.
  12. Click Unlock.
    If the unlock operation is successful, the dialog box displays: "The associated secure drives have been unlocked."

Result

When all drives are locked and then unlocked, each controller in the storage array will reboot. However, if there are already some unlocked drives in the target storage array, then the controllers will not reboot.