No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Disk Encryption User Guide

OceanStor V5 Series V500R007

This document is applicable to OceanStor 5110 V5, 5110F V5, 5300 V5, 5300F V5, 5500 V5, 5500F V5, 5600 V5, 5600F V5, 5800 V5, 5800F V5, 6800 V5, 6800F V5, 18500 V5, 18500F V5, 18800 V5, and 18800F V5. It introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Restoring a Key Management Server to Factory Settings

Restoring a Key Management Server to Factory Settings

If you need to clear settings on a key management server, you can restore it to factory default settings.

Restoration Process

This section describes the process of restoring a key management server to factory settings.

Figure 3-86 Restoration process

Table 3-25 lists the operations, descriptions, and references involved in the restoration process.

Table 3-25 Restoration operations and description

Operation

Description

Reference

Back up the system key.

Initialize smart cards.

Initialize two smart cards and ensure that the cards contain no other information.

Initializing a Smart Card

Back up the system key to the smart cards.

Back up the system key to the two smart cards.

Backing Up the Source Key Management Server's System Key to the Smart Card

Manually back up the configurations of the key management server.

Before restoring the key management server to factory settings, manually back up its configurations to an NFS server, because the restoration will clear all configurations on the key management server.

Manually Backing Up the Configurations of a Key Management Server

(Optional) Destroy keys in a storage system.

If self-encrypting disk domains have been created in a storage system and encryption keys have been generated, you need to destroy the encryption keys of the SEDs before restoring the key management server to factory settings.

Destroying a Key

Destroy the system key.

Before restoring the key management server to factory settings, destroy the system key on the key management server.

Destroying the System Key

Restore the key management server to factory settings.

Restore the key management server to factory default settings through a serial port. Then all the information on the key management server is cleared.

Restoring to the Factory Settings

Destroying the System Key

Before restoring a key management server to the factory settings, you should back up and then destroy its system key.

Prerequisites
  • You have backed up the system key to the two smart cards.
  • The cluster has been deleted. For details, see Deleting a Cluster Member.
Procedure
  1. Log in as a security officer to the key management server's management interface via the serial port.
  2. Select System Key and press Enter.

    The System Key page is displayed, as shown in Figure 3-87.

    Figure 3-87 System key management page

  3. Select Destroy and press Enter.

    The Warning page is displayed, as shown in Figure 3-88.

    Figure 3-88 Destroying the system key

  4. Select Yes and press Enter.

    The Warning page is displayed.

  5. Select Yes and press Enter.

    The Confirmation page is displayed.

  6. Press Enter.

    The system returns to the main management page.

Restoring to the Factory Settings

You can restore a key management server to the factory settings after its system key is destroyed.

Prerequisites
  • You have backed up the system key to the two smart cards.
  • You have destroyed the system key.
Procedure
  1. Use user officer to initiate a request for restoring the key management server to factory defaults.

    1. Log in to the key management server's management interface through the serial port as user officer.
    2. Select Reset Config and press Enter.

      The Confirm page is displayed, as shown in Figure 3-89.

      Figure 3-89 Restoring to the factory settings

    3. Select Yes and press Enter.

      The Confirmation page is displayed.

    4. Press Enter.
    5. Log out user officer.

  2. Use user admin to approve the restoration.

    1. Log in to the key management server's management interface through the serial port as user admin.
    2. Select Reset Config and press Enter.

      The Confirm page is displayed, as shown in Figure 3-90.

      Figure 3-90 Restoring the key management server to the factory settings

    3. Select Yes and press Enter.

      The Confirm page is displayed.

    4. Select Yes and press Enter.

      The Confirm page is displayed.

    5. Wait until a new dialog box is displayed and press Enter.

      After the key management server is restored to factory settings, it automatically shuts down.

  3. Remove the power cable of the key management server and reinsert it to power on the server. The system starts automatically.
Translation
Download
Updated: 2019-07-11

Document ID: EDOC1000181504

Views: 22956

Downloads: 181

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next