Enable external key management in ONTAP 9.5 and earlier
You can use one or more KMIP servers to secure the keys the cluster uses to access encrypted data. You can connect up to four KMIP servers to a node. A minimum of two servers is recommended for redundancy and disaster recovery.
-
The KMIP SSL client and server certificates must have been installed.
-
You must be a cluster administrator to perform this task.
-
You must configure the MetroCluster environment before you configure an external key manager.
ONTAP configures KMIP server connectivity for all nodes in the cluster.
-
Configure key manager connectivity for cluster nodes:
security key-manager setup
The key manager setup starts.
-
Enter the appropriate response at each prompt.
-
Add a KMIP server:
security key-manager add -address key_management_server_ipaddress
clusterl::> security key-manager add -address 20.1.1.1
-
Add an additional KMIP server for redundancy:
security key-manager add -address key_management_server_ipaddress
clusterl::> security key-manager add -address 20.1.1.2
-
Verify that all configured KMIP servers are connected:
security key-manager show -status
For complete command syntax, see the man page.
cluster1::> security key-manager show -status Node Port Registered Key Manager Status -------------- ---- ---------------------- --------------- cluster1-01 5696 20.1.1.1 available cluster1-01 5696 20.1.1.2 available cluster1-02 5696 20.1.1.1 available cluster1-02 5696 20.1.1.2 available