Update SED Authentication Key
Overview
This function updates the SED authentication key (hereinafter referred to as "key") in the key group. Updating of the key is performed in the following ways:
- When no key is registered in the key group, a key that has not expired is obtained from the key server.
- When the key is valid and has not expired, this key is replaced with a new key from the key server.
The storage system monitors the key on a regular basis and automatically replaces an expired key with a new key. Use this function when a new key is required before the key expiration date is reached because the user has lost SEDs that were disconnected for maintenance. When replacing the key, this function asks whether to use the current key again.
Replacing a key is only available when the master server is registered. Check the registration status of the master server in the [Key Group] screen. To replace the key, register the master server in advance. Refer to the [Modify Key Group] function for details.
The key is updated only when communication with the master server is normal.
If no key is registered in the key group, an error occurs when the first update of the key is performed. If this occurs, register the SSL certificate of the storage system in the key server, accept access from the storage system, and then update the key again. The key status changes to "Normal". Here, "SSL certificate of the storage system" means either a "Self-signed SSL certificate" or an "SSL server certificate".
The key can only be updated when the SEDs that make up the RAID groups in the key group are in the normal state. If any SEDs in a RAID group are not in the normal state, make sure to perform maintenance for these SEDs in advance. If the key is updated before the required maintenance is performed for the SEDs, the RAID group status changes to "Exposed" and updating of the key for the RAID group does not complete (the key status of the key group remains "Modifying"). Updating of the key completes after the SED maintenance is performed and the status of all the RAID groups has returned to "Available" (the key status of the key group then changes to "Normal").
If the RAID groups in the key group are blocked (the status is "SED Locked"), the RAID group status is not changed to "Available" even after the key is updated. Make sure to recover SEDs before updating the key. Refer to the [Recovery SED] function for details.
When the key that is currently used is disabled, make sure to mark the key as compromised in the key server by using the CLI for the key server.
This function can be used to replace a key when the expiration date of the key is set to "Unlimited".
This function can also be used to update the key in a key group in which no RAID groups are registered.
User Privileges
Availability of Executions in the Default Role
Default role | Availability of executions |
---|---|
Monitor | |
Admin | |
StorageAdmin | |
AccountAdmin | |
SecurityAdmin | |
Maintainer | |
Refer to "User Roles and Policies" for details on the policies and roles.
Settings
Current SED Authentication Key Setting
Item | Description | Setting values |
---|---|---|
Current Key | Select whether to enable ("Enabled Key") or disable ("Disabled Key") the current key. | Enabled Key (Default), Disabled Key |
Display Contents
Target Key Group
Item | Description | |
---|---|---|
Name | The key group name is displayed. | |
Storage System Group Name | The storage system group name is displayed. | |
Key Status | The key status is displayed. Refer to "Key Status" for details. | |
Key Expiration Date | The following information is displayed depending on the key status. | |
Operating Procedures
1. Click [Update SED Key] in [Action].
2. Select whether to use the current key again, and then click the [Update] button.
   → A confirmation screen appears.
3. Click the [OK] button.
   → Updating of the SED Authentication Key starts.
   Caution
   - An error screen appears in the following conditions:
     - When the master server for the key group is not registered
     - When one of the following statuses applies to the key in the key group:
       - Unregistered Server Certificate
       - Expired Server Certificate
       - No SSL Certificate
       - Network Error
       - Key Server Error
4. Click the [Done] button to return to the [Key Group] screen.