
Data Domain: Configuring a CipherTrust Server on a Data Domain System

Summary: Steps to configure CipherTrust as the key manager on a Data Domain system.


Instructions

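  1. Set the system passphrase on the DD using the following command:

    system passphrase set

  2. Import the previously generated host certificate, signed_host_cert.pem, into the Data Domain system using the following command: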

    adminaccess certificate import host application ciphertrust file <host certificate file>
  3. Import the previously generated CA certificate, cacert.pem, into the Data Domain system:

    adminaccess certificate import ca application ciphertrust file cacert.pem
  4. Verify the certificates using the following command:

    adminaccess certificate show

  5. Enable encryption:

    filesys encryption enable
  6. Configure the key manager as ciphertrust:

    filesys encryption key-manager set server <IP Address> port 5696 key-class <key_class> kmip-user <kmip_user> server-type ciphertrust

  7. Enable the key manager using the following command:

    filesys encryption key-manager enable
  8. Verify that the key manager is enabled:

    filesys encryption key-manager show
    The current key-manager configuration is:
          Key Manager: Enabled
          Server Type: CipherTrust
          Server: <serverip>
          Port: 5696
          Status: Online
          Key-class: <key_class>
          KMIP-user: <kmip_user>
          Key rotation period: not-configured
          Last key rotation date: N/A
          Next key rotation date: N/A
  9. Verify that the new key is activated.

    filesys encryption keys show detailed

    For example:

    filesys encryption keys show detailed
    Active Tier:
    Key   Key                                                                State          Size        Key Manager   Min-Cid   Max-Cid
    Id    MUID                                                                              post-comp   Type
    ---   ----------------------------------------------------------------   ------------   ---------   -----------   -------   -------
    1     3d4                                                                Deactivated    0           DataDomain    759       1096
    2     736FB25DF3E52F1D1086AB0AD36650F011FB4A59777A0611993E28F1E87A972A   Activated-RW   65.45 TiB   KeySecure     1097      -
    ---   ----------------------------------------------------------------   ------------   ---------   -----------   -------   -------
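  10. DDOS provides a CLI to ensure a smooth transition from KeySecure to CipherTrust. Customers must first move the keys from one key manager server to the other before using this CLI to migrate on the DD.

    To migrate the keys on the DD side, issue the migrate CLI command.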

    filesys encryption key-manager keys migrate source <> destination <>

    For example:

    filesys encryption key-manager keys migrate source keysecure destination ciphertrust
    Migrating keys from keysecure to ciphertrust key manager.
    Do you want to proceed? (yes|no) [no]: yes
    Migrated keys to ciphertrust key manager.
  11. To verify that the keys were migrated on the DD, issue the following command and check the Key Manager Type field.

    filesys encryption keys show detailed

    For example:

    Active Tier:
    Key   Key                                                                State          Size        Key Manager   Min-Cid   Max-Cid
    Id    MUID                                                                              post-comp   Type
    ---   ----------------------------------------------------------------   ------------   ---------   -----------   -------   -------
    1     3d4                                                                Deactivated    0           DataDomain    759       1096
    2     736FB25DF3E52F1D1086AB0AD36650F011FB4A59777A0611993E28F1E87A972A   Activated-RW   65.45 TiB   CipherTrust   1097      -
    ---   ----------------------------------------------------------------   ------------   ---------   -----------   -------   -------
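
The checks in steps 8, 9 and 11 can be automated over captured CLI output. The following is an added example, not part of the original article or of DDOS: the function names are hypothetical, the sample text is constructed from the listings above (with a shortened placeholder MUID), and it assumes the output has already been saved as text, for example from an SSH session.

```python
import re

# Constructed sample output, modelled on the listings in steps 8, 9 and 11.
SHOW = """The current key-manager configuration is:
      Key Manager: Enabled
      Server Type: CipherTrust
      Status: Online
"""
KEYS_BEFORE = """Active Tier:
Key   Key       State          Size        Key Manager   Min-Cid   Max-Cid
Id    MUID                     post-comp   Type
---   -------   ------------   ---------   -----------   -------   -------
1     3d4       Deactivated    0           DataDomain    759       1096
2     A1B2C3    Activated-RW   65.45 TiB   KeySecure     1097      -
---   -------   ------------   ---------   -----------   -------   -------
"""
KEYS_AFTER = KEYS_BEFORE.replace("KeySecure  ", "CipherTrust")

def key_manager_problems(show_output, server_type="CipherTrust"):
    """Return the fields of 'key-manager show' that differ from step 8."""
    fields = {}
    for line in show_output.splitlines():
        name, sep, value = line.strip().partition(":")
        if sep and value.strip():
            fields[name.strip()] = value.strip()
    want = {"Key Manager": "Enabled", "Server Type": server_type, "Status": "Online"}
    return [f"{k}: expected {v}, got {fields.get(k)}" for k, v in want.items() if fields.get(k) != v]

def parse_keys(detailed_output):
    """Parse rows of 'keys show detailed'; columns are separated by 2+ spaces."""
    cols = ("id", "muid", "state", "size", "manager", "min_cid", "max_cid")
    rows = []
    for line in detailed_output.splitlines():
        parts = re.split(r"\s{2,}", line.strip())
        if parts[0].isdigit() and len(parts) == len(cols):
            rows.append(dict(zip(cols, parts)))
    return rows

def migration_problems(detailed_output, source="KeySecure", destination="CipherTrust"):
    """Flag keys left on the source manager and an active key not on the destination."""
    keys = parse_keys(detailed_output)
    problems = [f"key {k['id']} still on {source}" for k in keys if k["manager"] == source]
    active = [k for k in keys if k["state"] == "Activated-RW"]
    if not active:
        problems.append("no Activated-RW key found")
    problems += [f"active key {k['id']} is on {k['manager']}" for k in active if k["manager"] != destination]
    return problems
```

An empty list from both functions means the listing matches what steps 8 and 11 show; keys of type DataDomain are left alone, as in the article's example.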

 

Affected Products

Data Domain, Data Domain
Article Properties
Article Number: 000205843
Article Type: How To
Last Modified: 17 Feb 2025
Version:  3