Chapter 1 System Management
1.11 Key Management
ETERNUS Web GUI User’s Guide (Settings)
Copyright 2015 FUJITSU LIMITED
P2X0-1270-13ENZ0
176
1.11.8
Update SED Authentication Key
This function updates the key in the key group. Updating of the key is performed in the following ways:
•
When no key is registered in the key group, a key that has not expired is obtained from the key server.
•
When the key is valid and has not expired, this key is replaced with a new key from the key server.
The ETERNUS DX S3 series monitors the key on a regular basis and automatically replaces an expired key with
a new key. This function is used when a new key is required before the key expiration date has been reached
because the user loses the SEDs that were disconnected for maintenance. This function asks whether to use
the current key again when replacing the key.
For details on the parameters for this function, refer to
"A.1.10.6 Update SED Authentication Key" (page 760)
.
For the factory default settings for this function, refer to
"Appendix B Update SED Authentication Key" (page
.
•
Replacing a key is only available when the master server is registered. Check the registration status of the
master server in the [Key Group] screen. To replace the key, register the master server in advance. Refer to
"1.11.7 Modify Key Group" (page 174)
for details.
•
The key is updated only when communication with the master server is normal.
•
If no key is registered in the key group, an error occurs when the first update of the key is performed. In
this case, register the SSL certificate of the ETERNUS DX S3 series in the key server, accept access from the
ETERNUS DX S3 series, and then update the key again. The key status changes to "Normal". An SSL certifi-
cate of the ETERNUS DX S3 series indicates a "self-signed SSL certificate" or an "SSL server certificate".
•
The key can only be updated when the SEDs that configure the RAID groups in the key group are in the
normal status. If there are SEDs without normal status in the RAID group, make sure to perform
maintenance for these SEDs in advance. If the key is updated before required maintenance is performed
for the SEDs, the RAID group status changes to "
Exposed" and updating of the key for the RAID group
is not complete (the key status of the key group is not changed from "Modifying"). Updating of the key is
complete after performing the SED maintenance and the status of all the RAID groups has returned to
"
Available" (the key status of the key group has changed to "Normal").
•
If the RAID groups in the key group are blocked (the status is "
SED Locked"), the RAID group status is
not changed to "
Available" even after the key is updated. Make sure to recover SEDs before updating
the key. Refer to
for details.
•
When "Disabled Key" is selected for "Current Key", make sure to compromise (*1) the key in the key server
by using CLI for the key server. Note that GUI for the key server does not support the key compromising
function.
*1:
The key becomes unavailable in the key server.
•
This function can be used to replace a key when the expiration date of the key is set to "Unlimited".
•
This function can also be used to update the key in a key group in which no RAID groups are registered.
Summary of Contents for Eternus DX200F
Page 2: ...This page is intentionally left blank ...
Page 1082: ......