Update SED Authentication Key

Overview

This function updates the SED authentication key (hereinafter referred to as "key") in the key group. Updating of the key is performed in the following ways:

  • When no key is registered in the key group, a key that has not expired is obtained from the key server.

  • When the key is valid and has not expired, this key is replaced with a new key from the key server.

The storage system monitors the key on a regular basis and automatically replaces an expired key with a new key. Use this function when a new key is required before the key expiration date is reached because the user has lost SEDs that were disconnected for maintenance. When replacing the key, this function asks whether to use the current key again.

Caution
  • Replacing a key is only available when the master server is registered. Check the registration status of the master server in the [Key Group] screen. To replace the key, register the master server in advance. Refer to the [Modify Key Group] function for details.

  • The key is updated only when communication with the master server is normal.

  • If no key is registered in the key group, an error occurs when the first update of the key is performed. If this occurs, register the SSL certificate of the storage system in the key server, accept access from the storage system, and then update the key again. The key status changes to "Normal". Here, the SSL certificate of the storage system means either a "Self-signed SSL certificate" or an "SSL server certificate".

  • The key can only be updated when the SEDs that make up the RAID groups in the key group are in the normal state. If any SEDs in the RAID group are not in the normal state, make sure to perform maintenance for these SEDs in advance. If the key is updated before the required maintenance is performed for the SEDs, the RAID group status changes to "Exposed" and updating of the key for the RAID group does not complete (the key status of the key group remains "Modifying"). Updating of the key completes after the SED maintenance has been performed and the status of all the RAID groups has returned to "Available" (the key status of the key group then changes to "Normal").

  • If the RAID groups in the key group are blocked (the status is "SED Locked"), the RAID group status is not changed to "Available" even after the key is updated. Make sure to recover SEDs before updating the key. Refer to the [Recovery SED] function for details.

  • When the key that is currently used is disabled, make sure to mark that key as compromised in the key server by using the key server CLI.

Note
  • This function can be used to replace a key when the expiration date of the key is set to "Unlimited".

  • This function can also be used to update the key in a key group in which no RAID groups are registered.

User Privileges

Availability of Executions in the Default Role

Default role Availability of executions
Monitor  
Admin
StorageAdmin  
AccountAdmin  
SecurityAdmin
Maintainer  

Refer to "User Roles and Policies" for details on the policies and roles.

Settings

Current SED Authentication Key Setting

Current Key: Select whether to enable ("Enabled Key") or disable ("Disabled Key") the current key.

  Setting values:

  • Enabled Key (Default)

  • Disabled Key

Display Contents

Target Key Group

Name: The key group name is displayed.

Storage System Group Name: The storage system group name is displayed.

Key Status: The key status is displayed. Refer to "Key Status" for details.

Key Expiration Date: The following information is displayed depending on the key status.

  • When the status is "Modifying", the expiration date (YYYY-MM-DD) before the key was replaced is displayed.

  • When the status is "Unregistered Server Certificate", "Expired Server Certificate", "No SSL Certificate", "Network Error", "Not Acquired", or "Key Server Error", a "-" (hyphen) is displayed.

  • For the other statuses, the key expiration date (YYYY-MM-DD) is displayed.

Operating Procedures

  1. Click [Update SED Key] in [Action].

  2. Select whether to use the current key again, and then click the [Update] button.

    → A confirmation screen appears.

  3. Click the [OK] button.

    → Updating of the SED Authentication Key starts.

    Caution
    • An error screen appears in the following conditions:
      • When the master server for the key group is not registered

      • When one of the following statuses applies to the key in the key group:
        • Unregistered Server Certificate

        • Expired Server Certificate

        • No SSL Certificate

        • Network Error

        • Key Server Error

  4. Click the [Done] button to return to the [Key Group] screen.
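
The cautions and error conditions above can be combined into a pre-flight check that is run before starting the procedure. The following is an added example, not code from the storage system or its vendor: the snapshot layout, the field names, and the SED state string "Normal" are assumptions, and the sample data is constructed.

```python
# Added illustration, not vendor code. Field names and the SED state string
# "Normal" are assumptions; SAMPLE is constructed data, not system output.
ERROR_KEY_STATUSES = {
    "Unregistered Server Certificate", "Expired Server Certificate",
    "No SSL Certificate", "Network Error", "Key Server Error",
}

SAMPLE = {  # constructed key-group snapshot
    "master_server_registered": True,
    "key_status": "Normal",
    "raid_groups": [
        {"name": "RG0", "status": "Available",
         "seds": {"disk0": "Normal", "disk1": "Normal"}},
        {"name": "RG1", "status": "Available",
         "seds": {"disk2": "Normal", "disk3": "Failed"}},
    ],
}

def preflight(group, disable_current_key=False):
    """Return (verdict, findings); verdict is 'error', 'hold' or 'go'."""
    findings = []
    # Conditions listed as producing the error screen in step 3.
    if not group["master_server_registered"]:
        findings.append(("error", "master server is not registered"))
    if group["key_status"] in ERROR_KEY_STATUSES:
        findings.append(("error", f"key status is {group['key_status']!r}"))
    # Conditions where the update starts but cannot finish cleanly.
    for rg in group["raid_groups"]:
        if rg["status"] == "SED Locked":
            findings.append(("hold", f"{rg['name']}: recover SEDs first; the "
                             "group does not return to Available after update"))
        abnormal = sorted(d for d, st in rg["seds"].items() if st != "Normal")
        if abnormal:
            findings.append(("hold", f"{rg['name']}: maintain {abnormal} first; "
                             "else group goes Exposed, key stays Modifying"))
    # Follow-up required when the current key is not reused.
    if disable_current_key:
        findings.append(("todo", "mark the old key compromised on the key server"))
    levels = {level for level, _ in findings}
    verdict = "error" if "error" in levels else "hold" if "hold" in levels else "go"
    return verdict, findings

if __name__ == "__main__":
    verdict, findings = preflight(SAMPLE, disable_current_key=True)
    print(verdict)
    for level, text in findings:
        print(f"  [{level}] {text}")
```

A "hold" verdict means the update would start but the key status would stay at "Modifying" until the listed SEDs are maintained or recovered.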