Integrated Dell Remote Access Controller 9 User's Guide

SEKM Functionalities

Following are the SEKM functionalities available in iDRAC:

  1. SEKM Key Purge Policy — iDRAC provides a policy setting that lets you configure iDRAC to purge old, unused keys at the Key Management Server (KMS) when a Rekey operation is performed. You can set the read-write iDRAC attribute KMSKeyPurgePolicy to one of the following values:
    • Keep All Keys – This is the default setting and matches the existing behavior: iDRAC leaves all keys on the KMS untouched when performing a Rekey operation.
    • Keep N and N-1 keys – iDRAC deletes all keys at the KMS except the current key (N) and the previous key (N-1) when performing a Rekey operation.
  2. KMS Key Purge on SEKM Disable — As part of the Secure Enterprise Key Manager (SEKM) solution, iDRAC allows you to disable SEKM on the iDRAC. Once SEKM is disabled, the keys that iDRAC generated at the KMS are unused but remain at the KMS. This feature allows iDRAC to delete those keys when SEKM is disabled. iDRAC provides a new option “-purgeKMSKeys” for the existing legacy command “racadm sekm disable”, which lets you purge the keys at the KMS when SEKM is disabled on iDRAC.
    NOTE: If SEKM is already disabled and you want to purge old keys, you must re-enable SEKM and then disable it again, passing in the -purgeKMSKeys option.
  3. Key Creation Policy — As part of this release, iDRAC is pre-configured with a Key Creation Policy. The KeyCreationPolicy attribute is read-only and is set to the "Key per iDRAC" value.
    • iDRAC read-only attribute iDRAC.SEKM.KeyIdentifierN reports the Key Identifier created by the KMS.
      racadm get iDRAC.SEKM.KeyIdentifierN
    • iDRAC read-only attribute iDRAC.SEKM.KeyIdentifierNMinusOne reports the previous Key Identifier after performing a Rekey operation.
      racadm get iDRAC.SEKM.KeyIdentifierNMinusOne
  4. SEKM Rekey — iDRAC provides two options to rekey your SEKM solution: rekey the iDRAC or rekey a PERC. It is recommended to rekey the iDRAC, since this rekeys all SEKM Secure capable/Enabled devices.
    • SEKM iDRAC Rekey [ Rekey on iDRAC.Embedded.1 FQDD ] — When you run racadm sekm rekey iDRAC.Embedded.1, all SEKM Secure capable/Enabled devices are rekeyed with a new key from the KMS, and this key is common to all SEKM-enabled devices. The iDRAC Rekey operation can also be executed from the iDRAC GUI: iDRAC Settings > Services > SEKM Configuration > Rekey. After executing this operation, you can validate the key change by reading the KeyIdentifierN and KeyIdentifierNMinusOne attributes.
    • SEKM PERC Rekey ( Rekey On Controller [ Example RAID.Slot.1-1 ] FQDD ) — When you run racadm sekm rekey <controller FQDD>, the corresponding SEKM-enabled controller is rekeyed to the currently active iDRAC common key created from the KMS. The Storage Controller Rekey operation can also be executed from the iDRAC GUI: Storage > Controllers > <controller FQDD> > Actions > Edit > Security > Security(Encryption) > Rekey.
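
The validation step described for the iDRAC rekey can be scripted. The following is an added example, not part of the Dell guide: it assumes racadm prints attributes as "Name=Value" lines (optionally prefixed with "#" for read-only attributes), and the helper names attr_value, key_id and check_rekey are hypothetical.

```shell
#!/bin/sh
# Added example (not Dell code): confirm a SEKM rekey from key identifiers.
# Assumption: racadm prints attributes as "Name=Value" lines, with an
# optional leading "#" on read-only attributes.

# attr_value NAME: read racadm output on stdin, print NAME's value.
attr_value() {
    sed -n "s/^[[:space:]]*#\{0,1\}$1=//p" | tr -d '\r' | head -n 1
}

# key_id NAME: query iDRAC.SEKM.NAME with racadm and print its value.
key_id() {
    racadm get "iDRAC.SEKM.$1" | attr_value "$1"
}

# check_rekey OLD_N NEW_N NEW_N_MINUS_ONE
# Returns 0 only if N changed and the former N is now reported as N-1;
# 1 if the rekey is not reflected; 2 if an identifier could not be read.
check_rekey() {
    old_n=$1; new_n=$2; new_prev=$3
    if [ -z "$old_n" ] || [ -z "$new_n" ]; then
        echo "missing key identifier" >&2; return 2
    fi
    if [ "$new_n" = "$old_n" ]; then
        echo "KeyIdentifierN unchanged: rekey not reflected" >&2; return 1
    fi
    if [ "$new_prev" != "$old_n" ]; then
        echo "KeyIdentifierNMinusOne is not the former N" >&2; return 1
    fi
    echo "rekey confirmed: N=$new_n N-1=$new_prev"
}

# Usage on a host with racadm (record N before the rekey, compare after):
#   old=$(key_id KeyIdentifierN)
#   racadm sekm rekey iDRAC.Embedded.1      # wait for the rekey to finish
#   check_rekey "$old" "$(key_id KeyIdentifierN)" \
#               "$(key_id KeyIdentifierNMinusOne)"
```

A non-zero exit from check_rekey means the identifiers do not show the expected rotation, which is worth resolving before relying on the "Keep N and N-1 keys" purge policy.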
