No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Disk Encryption User Guide

OceanStor Dorado V3 Series V300R001

This document is applicable to OceanStor Dorado5000 V3, Dorado6000 V3 and Dorado18000 V3. This document introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Upgrading a Key Management Server

Upgrading a Key Management Server

When the key management server software is updated, you need to upgrade the current software to the updated version. Follow instructions in this section to complete the upgrade of the two key management servers.

Process of Upgrading a Key Management Server

This section describes the process of upgrading a key management server.

Figure 3-91 shows the process of upgrading a key management server.

Figure 3-91 Upgrade process

Table 3-26 describes operations, descriptions, and references involved in upgrading a key management server.

Table 3-26 Key management server upgrade operations and descriptio




Create system key shares.

Create system key shares to export the system key to smart cards.

Generating System Key Shares

Back up a system key.

Initialize smart cards.

Initialize two smart cards and ensure that the cards contain no other information.

Initializing a Smart Card

Back up system keys on smart cards.

Export system keys to the two smart cards, to back up the system keys.

Backing Up the Source Key Management Server System Key to the Smart Card

Manually back up the configuration of a key management server.

If the upgrade fails or the original setting information needs to be restored, use the backup file on the NFS server to restore.

Manually Backing Up Configurations of a Key Management Server

Start the maintenance mode.

The upgrade operation must be performed under the maintenance mode of the key management server.

Enabling the Maintenance Mode of Key Management Servers

Configure the key management server upgrade parameters.

Perform the upgrade through a serial port. Go to the web interface and check whether the upgraded version is correct after the upgrade is completed.

Configuring Upgrade of Key Management Servers

Close the maintenance mode.

Close the maintenance mode of the key management server after confirming the upgrade completion.

Disabling the Maintenance Mode of Key Management Servers

Configuring Upgrade of Key Management Servers

This section describes how to upgrade the software version of the key management server.

  • The system key of the current key management server has been exported to the two smart cards before an upgrade.
  • The configuration information of the key management server to be upgraded has been manually backed up to the NFS server before the upgrade.
  • An FTP server has been set up and it can communicate properly with the key management servers before the upgrade.
  • A patch package of the key management server has been prepared and decompressed to the directory of the FTP server before the upgrade.
  • Two key management servers in the cluster need to be upgraded to the same version.
  1. Enable the maintenance mode of key management servers.
  2. Log in to the key management server management interface through the serial port as user admin.
  3. Select Update and press Enter.

    The System Upgrade page is displayed, as shown in Figure 3-92.

    Figure 3-92 Setting upgrade parameters

  4. Set upgrade parameters.

    Set Protocol and Port to FTP and 21 respectively, and set Server and Path to the IP address of the FTP server and the path saving the upgrade file on the NTP server. If Save as defaults is selected, the system automatically saves the FTP server information. During the next upgrade, the system automatically set it to the saved configuration. In addition, set File, User, and Password to the name of the upgrade file as well as the user name and password for logging in to the FTP server. After the configuration, select OK and press Enter.


    After the upgrade succeeds, the key management server automatically restarts.

  5. Verify the upgrade.

    1. Log in to the web interface of the key management server that is upgraded and restarted as an administrator user.
    2. Click the Summary tab and check whether Software version is the same as the target version, as shown in Figure 3-93.
    Figure 3-93 Viewing the upgrade result

Updated: 2018-11-01

Document ID: EDOC1000159246

Views: 32945

Downloads: 199

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next