Disk Encryption User Guide

OceanStor V5 Series V500R007

This document is applicable to OceanStor 5110 V5, 5110F V5, 5300 V5, 5300F V5, 5500 V5, 5500F V5, 5600 V5, 5600F V5, 5800 V5, 5800F V5, 6800 V5, 6800F V5, 18500 V5, 18500F V5, 18800 V5, and 18800F V5. It introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.

About keyAuthority Key Management Servers

Before configuring keyAuthority key management servers, familiarize yourself with their hardware, networking, user permissions, and management interfaces.

Hardware

Figure 3-1 and Figure 3-2 show the front and rear panels of a keyAuthority key management server, respectively.

Figure 3-1 Front panel

A: Fan module
B: LCD display
C: Fan indicator
D: Status indicator
E: Smart card reader

Figure 3-2 Rear panel

A: AC power socket
B: AC power status indicator
C: Serial port
D: Management network port
E: Port1 (service network port)
F: Port2 (unused)

Typical Networking

A storage system connects to two keyAuthority key management servers that are configured into a cluster in active/standby mode. Figure 3-3 shows the typical network.

Figure 3-3 Typical networking of key management servers

Figure 3-4 shows port connections between different components.

Figure 3-4 Port connections

To ensure that the key management servers can work properly, verify that the network communication between the following components is normal:

  • Storage system's management network port -> key management servers' service network ports (port1)
  • Maintenance terminal -> key management servers' management network ports
  • Key management server 1's service network port (port1) -> key management server 2's service network port (port1)
  • Backup server's network port -> key management servers' service network ports (port1)

User Roles and Permissions

The key management server manages users based on user roles. Different user roles are assigned different permissions.

Roles, default user names, passwords, and permissions supported by the key management server are shown in Table 3-1.

Table 3-1 Roles and permissions

| Role | Default User Name and Password | Permission |
| --- | --- | --- |
| Administrator | admin/password123 | Configures the system network, manages users, manages licenses, performs upgrades, and restores factory settings. |
| Security Officer | officer/password123 | Sets user roles, assigns permissions, creates and maintains system keys, backs up system data, erases and initializes (in the console) smart cards, manages domains, manages KMIP groups, generates and maintains CA and SSL certificates, and maintains licenses. |
| Group Manager | - | Manages KMIP clients and keys. |
| Auditor | - | Views, clears, and imports audit logs. |
| Recovery Officer | recovery1/recovery2/recovery3/password123 (NOTE: recovery1, recovery2, and recovery3 are all preset users.) | Backs up, exports, and restores system keys; restores system data. |

NOTE:

In some management operations (for example, enabling and disabling the maintenance mode), administrators and security officers must approve each other's operations for the settings to take effect.

Management Interface

The keyAuthority key management servers support configuration, operation, and maintenance on two different management interfaces, as shown in Table 3-2.

Table 3-2 Management interfaces of keyAuthority key management servers

| Management Interface | Entry | Operation |
| --- | --- | --- |
| Console interface | Logging In to the Key Management Server's Management Interface Through the Serial Port | Select up and down menus: press the up or down arrow. Move to other options: press Tab. Modify the status of the check box: press the space key. Save settings: press Tab to move the cursor to the OK area, and press Enter. |
| Web interface | Logging In to the Key Management Server Through the Management Port | Select menus: use the mouse to select. Set parameters: input in the text box and choose from the drop-down menu. Save settings: click Save. |

NOTE:

The web interfaces for different versions of key management servers may differ slightly.

Updated: 2019-07-11

Document ID: EDOC1000181504
