Getting started with external key management

A security key is a string of characters, which is shared between the secure-enabled drives and controllers in a storage array. When using external key management, you create and maintain security keys on a key management server

See ThinkSystem System Manager online help for conceptual information on using external key management servers and security keys. The following graphic shows the basic workflow for implementing external security keys:



Workflow steps

Both certificate management and external key management are new security features with the ThinkSystem SAN OS. To get started, use the following basic steps:

  1. Generate a Certificate signing request using the

    save storageArray keyManagementClientCSR command. See Generate Key Management Certificate Signing Request (CSR) .
  2. From the KMIP server, request a client and a server certificate.

  3. Install the client certificate using the

    download storageArray keyManagementCertificate command with the certificateType parameter set to client . See Install storage array external key management certificate .
  4. Install the server certificate using the

    download storageArray keyManagementCertificate command with the certificateType parameter set to server . See Install storage array external key management certificate .
  5. Set the IP address and port number of the key management server using the

    set storageArray externalKeyManagement command. See Set external key management settings .
  6. Test communication with the external key management server using the

    start storageArray externalKeyManagement test command. See Test external key management communication .
  7. Create a security key using the

    create storageArray securityKey command. See Create storage array security key .
  8. Validate the security key using the

    validate storageArray securityKey command. See Validate storage array security key .