Modify Key Group
Overview
This function changes the key group settings.
The key group combines all of the RAID groups that use the same SED authentication key (hereinafter referred to as "key"). One key group can be created in the storage system.
User Privileges
Availability of Executions in the Default Role
Default role | Availability of executions |
---|---|
Monitor | |
Admin | |
StorageAdmin | |
AccountAdmin | |
SecurityAdmin | |
Maintainer |
Refer to "User Roles and Policies" for details on the policies and roles.
Settings
Key Group Setting
Item | Description | Setting values | ||||
---|---|---|---|---|---|---|
Name |
Input a key group name. The key group name corresponds to "Serial Number", which is managed in the key server. Caution
|
Up to 32 alphanumeric characters and symbols (underscore "_") The first letter must be an alphabetic character |
||||
Storage System Group Name |
Input the storage system group name. The storage system group combines the key management device (Key Management Machine) name that is managed by the user with the key group. The storage system group name corresponds to "Device Group Name", which is managed in the key server. Caution
|
Up to 16 alphanumeric characters and symbols (underscore "_") The first letter must be an alphabetic character |
||||
Security Level |
Select the security level of the key group from "High" or "Low". "Security Level" indicates the handling level when application of the SED key to the target RAID group fails. If the key for the relevant RAID group cannot be obtained from the key server due to a communication error and the SEDs that configure the RAID group are changed to hot spares or changed to new SEDs due to failure or maintenance, the storage system performs operations according to the selected security level.
Even if the security level is changed from "High" to "Low", the rebuilding process does not start immediately after the level is changed. Rebuilding processes start after the storage system recognizes that changing of the security level and key is complete. |
High Low |
||||
Recovery Mode |
Select the recovery mode of the key group from "Automatic" or "Manual". The recovery mode is a method to recover locked (*1) RAID groups or SEDs after communication with the key server is resolved. For RAID groups in locked status, "SED Locked" is displayed. For SEDs in locked status, "Not Exist" is displayed.
|
Automatic Manual |
||||
Key Valid Period |
Select a key expiration period that is based on the date when the key from the key server is obtained for the first time (beginning of use). When the key expires, a new key is obtained from the key server and the expired key is automatically replaced. If the key expiration period is changed, the same key is used from the first date of use until the key expired. Note that the "first date" indicates the first day of use instead of the first day of the key changed.
|
Unlimited 1 month - 12 month |
||||
Key Server |
Master |
Select the key server ID that is assigned for the master or slave server. "None" and the registered key server ID are displayed as options. Caution
|
None 1 2 |
|||
Slave |
Operating Procedures
Click [Modify Key Group] in [Action].
Specify the parameters, and click the [Modify] button.
→ A confirmation screen appears.
Caution- An error screen appears in the following conditions:
The "Name" is not entered
The "Storage System Group Name" is not entered
Each parameter fails to satisfy the input conditions
The same server ID is specified for both the master and slave servers
When "None" is selected for both of the servers (master and slave) while RAID groups are registered in the key group
- An error screen appears in the following conditions:
Click the [OK] button.
→ Changing of the key group settings starts.
Click the [Done] button to return to the [Key Group] screen.