Key Group

The key group name is displayed. If no key groups are created, the field is blank.

The key group name corresponds to "Serial Number", which is managed in the key server.

The storage system group name is displayed. If no key groups are created, the field is blank.

The storage system group combines the key management device (Key Management Machine) name that is managed by the user with the key group. The storage system group name corresponds to "Device Group Name", which is managed in the key server. Note that "ETERNUS_DX" is specified as the factory default storage system group name when "ETERNUS SF KM" (key management software) is shipped.

The key status is displayed. If no key groups are created, the field is blank.

Refer to "Key Status" for details.

The security level for the key group is displayed. If no key groups are created, the field is blank.

"Security Level" indicates the handling level when application of the SED key to the target RAID group fails. If the key for the relevant RAID group cannot be obtained from the key server due to a communication error and the SEDs that configure the RAID group are changed to hot spares or changed to new SEDs due to failure or maintenance, the storage system performs operations according to the selected security level.

• High

  Rebuilding to hot spares for which the key cannot be changed after SED failure is not performed. The RAID group loses its redundancy if the RAID group status is "Exposed", "Partially Exposed" (for RAID6), "Exposed (Fast)" (for RAID6-FR), or "Partially Exposed (Fast)" (for RAID6-FR).

  When SED maintenance is being performed, replacing an SED with a new SED for which the key cannot be changed does not complete successfully. If this action is performed, the status of the new SED changes to "Not Exist".

  When communication between the key server and the storage system returns to normal and the key can be obtained, the SED status changes to normal. Rebuilding to the SED for which the status changed to normal is performed after the key is changed. Note that "Modifying" may be displayed for the key status for few minutes even though the SED key has already changed. After changing the key, maintenance of the SEDs is complete.

• Low

  Rebuilding or maintenance is performed by using the common key if changing of the key in the key server fails due to a network error.

Even if the security level is changed from "High" to "Low", the rebuilding process does not start immediately after the level is changed. Rebuilding processes start after the storage system recognizes that changing of the security level and key is complete.

The recovery mode for the key group is displayed. If no key groups are created, the field is blank.

The recovery mode is a method to recover locked (*1) RAID groups or SEDs after communication with the key server is resolved. For RAID groups in locked status, "SED Locked" is displayed. For SEDs in locked status, "Not Exist" is displayed.

• Automatic

  This mode recovers locked RAID groups or SEDs when the communication error with the key server is resolved.

• Manual

  Use the [Recovery SED] function of Web GUI to recover the locked RAID groups or SEDs when the communication error with the key server is resolved.

The following information is displayed depending on the key status.

• When the status is "Modifying", the expiration date (YYYY-MM-DD) before the key was replaced is displayed.

• When the status is "Unregistered Server Certificate", "Expired Server Certificate", "No SSL Certificate", "Network Error", "Not Acquired", or "Key Server Error", a "-" (hyphen) is displayed.

• For the other statuses, the key expiration date (YYYY-MM-DD) is displayed.

If no key groups are created, the field is blank.

When the key has expired, a new key is obtained from the key server and automatically applied in place of the expired key.

The key server ID (1 or 2) for the master server is displayed. If no key group is created or if no master server is specified, the field is blank.

The domain name (FQDN) or the IP address of the master server is displayed. If no key group is created or if no master server is specified, the field is blank.

Note that the IPv6 address is displayed as an abbreviation. Refer to "IPv6 Address Notation" for details.

The master server status is displayed. If no key group is created or if no master server is specified, the field is blank.

Refer to "Key Server Status" for details.

The key server ID (1 or 2) of the slave server is displayed. If no key group is created or if no slave server is specified, the field is blank.

The domain name (FQDN) or the IP address of the slave server is displayed. If no key group is created or if no slave server is specified, the field is blank.

Note that the IPv6 address is displayed as an abbreviation. Refer to "IPv6 Address Notation" for details.

The certificate authority name that issues the SSL/KMIP certificate is displayed. If the certificate is not imported, the field is blank.

The name of the destination to which the SSL/KMIP certificate is issued is displayed. If the certificate is not imported, the field is blank.

The start date and time (YYYY-MM-DD hh:mm:ss) of the SSL/KMIP certificate validity period is displayed. If the certificate is not imported, the field is blank.

The end date and time (YYYY-MM-DD hh:mm:ss) of the SSL/KMIP certificate validity period is displayed. If the certificate is not imported, the field is blank.