No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Disk Encryption User Guide

OceanStor Dorado V3 Series V300R001

This document is applicable to OceanStor Dorado5000 V3, Dorado6000 V3 and Dorado18000 V3. This document introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
About keyAuthority Key Management Servers

About keyAuthority Key Management Servers

When configuring keyAuthority key management servers, get some knowledge about the hardware, networking, user permission, and management interface first to prepare for the configuration.


Figure 3-1 and Figure 3-2 show the front and rear panels of a keyAuthority key management server, respectively.

Figure 3-1 Front panel


Fan module


LCD display


Fan indicator


Status indicator


Smart card reader



Figure 3-2 Rear panel


AC power socket


AC power status indicator


Serial port


Management network port


Port1 (service network port)


Port2 (unused)

Typical Networking

A storage system connects to two keyAuthority key management servers that are configured into a cluster in active/standby mode. Figure 3-3 shows the typical network.

Figure 3-3 Typical networking of key management servers

Figure 3-4 shows port connections between different components.

Figure 3-4 Port connections

To ensure that the key management servers can work properly, verify that the network communication between the following components is normal:

  • Storage system's management network port -> key management servers' service network ports (port1)
  • Maintenance terminal -> key management servers' management network ports
  • Key management server 1's service network port (port1) -> key management server 2's service network port (port1)
  • Backup server's network port -> key management servers' service network ports (port1)

User Roles and Permissions

The key management server manages users based on user roles. Different user roles are assigned different permissions.

Roles, default user names, passwords, and permissions supported by the key management server are shown in Table 3-1.

Table 3-1 Roles and permissions


Default User Name and Password




Configures the system network, manages users, manages licenses, performs upgrades, and restores factory settings.

Security Officer


Sets user roles, assigns permissions, creates and maintains system keys, backs up system data, erases and initializes (in the console) smart cards, manages domains, manages KMIP groups, generates and maintains CA and SSL certificates, and maintains licenses.

Group Manager


Manages KMIP clients and keys.



Views, clears, and imports audit logs.

Recovery Officer



Recovery1, recovery2, and recovery3 are all preset users.

Backs up, exports, and restores system keys; restores system data.


In part of the management operations (for example enabling and disabling the maintenance mode), administrators and security officers need to approve each other for settings to take effect.

Management Interface

Thales key management servers support configuration, operation, and maintenance on two different management interfaces, as shown in Table 3-2.

Table 3-2 Management interfaces of keyAuthority key management servers

Management Interface

Entry Mode


Console interface

Logging In to the Key Management Server Management Interface Through the Serial Port

  • Select up and down menus: press the up or down arrow
  • Move to other options: press Tab
  • Modify the status of the check box: press the space key
  • Save settings: press Tab to move the cursor to the OK area, and press Enter

Web interface

Logging In to the Key Management Server Through the Management Port

  • Select menus: use the mouse to select
  • Set parameters: input in the text box and choose from the drop-down menu
  • Save settings: click Save

Different versions of key management servers have slightly different web management interfaces. The configuration and management interface varies with the server versions.

Updated: 2018-11-01

Document ID: EDOC1000159246

Views: 33041

Downloads: 199

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next