Key Group
Overview
This function displays the SED authentication key (hereinafter, referred to as "key") information that is used for a key group and the SSL/KMIP certificate information.
The key group combines all of the RAID groups that use the same key.
The RAID groups that are registered in the key group can be checked by using the [SED Key Group] screen. Refer to the [SED Key Group] function for details.
User Privileges
Availability of Executions in the Default Role
Default role | Availability of executions |
---|---|
Monitor | |
Admin | |
StorageAdmin | |
AccountAdmin | |
SecurityAdmin | |
Maintainer |
Refer to "User Roles and Policies" for details on the policies and roles.
Display Contents
Key Group
Item | Description | ||||
---|---|---|---|---|---|
Name |
The key group name is displayed. If no key groups are created, the field is blank. The key group name corresponds to "Serial Number", which is managed in the key server. |
||||
Storage System Group Name |
The storage system group name is displayed. If no key groups are created, the field is blank. The storage system group combines the key management device (Key Management Machine) name that is managed by the user with the key group. The storage system group name corresponds to "Device Group Name", which is managed in the key server. Note that "ETERNUS_DX" is specified as the factory default storage system group name when "ETERNUS SF KM" (key management software) is shipped. |
||||
Key Status |
The key status is displayed. If no key groups are created, the field is blank. Refer to "Key Status" for details. |
||||
Security Level |
The security level for the key group is displayed. If no key groups are created, the field is blank. "Security Level" indicates the handling level when application of the SED key to the target RAID group fails. If the key for the relevant RAID group cannot be obtained from the key server due to a communication error and the SEDs that configure the RAID group are changed to hot spares or changed to new SEDs due to failure or maintenance, the storage system performs operations according to the selected security level.
Even if the security level is changed from "High" to "Low", the rebuilding process does not start immediately after the level is changed. Rebuilding processes start after the storage system recognizes that changing of the security level and key is complete. |
||||
Recovery Mode |
The recovery mode for the key group is displayed. If no key groups are created, the field is blank. The recovery mode is a method to recover locked (*1) RAID groups or SEDs after communication with the key server is resolved. For RAID groups in locked status, "SED Locked" is displayed. For SEDs in locked status, "Not Exist" is displayed.
|
||||
Key Expiration Date |
The following information is displayed depending on the key status.
If no key groups are created, the field is blank. When the key has expired, a new key is obtained from the key server and automatically applied in place of the expired key. |
||||
Master Server |
Server ID |
The key server ID (1 or 2) for the master server is displayed. If no key group is created or if no master server is specified, the field is blank. |
|||
Domain Name / IP Address |
The domain name (FQDN) or the IP address of the master server is displayed. If no key group is created or if no master server is specified, the field is blank. Note that the IPv6 address is displayed as an abbreviation. Refer to "IPv6 Address Notation" for details. |
||||
Status |
The master server status is displayed. If no key group is created or if no master server is specified, the field is blank. Refer to "Key Server Status" for details. |
||||
Slave Server |
Server ID |
The key server ID (1 or 2) of the slave server is displayed. If no key group is created or if no slave server is specified, the field is blank. |
|||
Domain Name / IP Address |
The domain name (FQDN) or the IP address of the slave server is displayed. If no key group is created or if no slave server is specified, the field is blank. Note that the IPv6 address is displayed as an abbreviation. Refer to "IPv6 Address Notation" for details. |
||||
Status |
The slave server status is displayed. If no key group is created or if no slave server is specified, the field is blank. Refer to "Key Server Status" for details. |
SSL / KMIP Certificate
Item | Description |
---|---|
Issuer Name |
The certificate authority name that issues the SSL/KMIP certificate is displayed. If the certificate is not imported, the field is blank. |
Subject Name |
The name of the destination to which the SSL/KMIP certificate is issued is displayed. If the certificate is not imported, the field is blank. |
Valid From |
The start date and time (YYYY-MM-DD hh:mm:ss) of the SSL/KMIP certificate validity period is displayed. If the certificate is not imported, the field is blank. |
Valid To |
The end date and time (YYYY-MM-DD hh:mm:ss) of the SSL/KMIP certificate validity period is displayed. If the certificate is not imported, the field is blank. |
Serial Number |
The serial number for the SSL/KMIP certificate is displayed. If the certificate is not imported, the field is blank. When created, the serial number is combined with the issuer name, which is a unique number in the certificate authority. |