Skip to main content
SANtricity commands

Getting started with external key management

Contributors netapp-driley
PDFs

A security key is a string of characters, which is shared between the secure-enabled drives and controllers in a storage array. When using external key management, you create and maintain security keys on a key management server

See SANtricity System Manager online help for conceptual information on using external key management servers and security keys.

The following is the basic workflow for implementing external security keys:

  1. Generate a Certificate Signing request

  2. Get client and server certificates from the KMIP server

  3. Install the client certificate

  4. Set the IP address and port number of the KMIP server

  5. Test communication with KMIP server

  6. Create a storage array security key

  7. Validate the security key

Workflow steps

Both certificate management and external key management are new security features with the SANtricity11.40 release. To get started, use the following basic steps:

  1. Generate a Certificate signing request using the save storageArray keyManagementClientCSR command. See Generate Key Management certificate signing request.

  2. From the KMIP server, request a client and a server certificate.

  3. Install the client certificate using the download storageArray keyManagementCertificate command with the certificateType parameter set to client. See Install storage array external key management certificate.

  4. Install the server certificate using the download storageArray keyManagementCertificate command with the certificateType parameter set to server. See Install storage array external key management certificate.

  5. Set the IP address and port number of the key management server using the set storageArray externalKeyManagement command. See Set external key management settings.

  6. Test communication with the external key management server using the start storageArray externalKeyManagement test command. See Test external key management communication.

  7. Create a security key using the create storageArray securityKey command. See Create security key.

  8. Validate the security key using the validate storageArray securityKey command. See Validate internal or external security key.