You can enable encryption of backup data at rest using the selected algorithm and key manager. The backup data encryption feature uses DELL BSAFE libraries, which are FIPS 140-2 validated.
Prerequisites
In a new system, the following prerequisites must be met to configure storage encryption in the appliance:
Go to Administration > Access Control > User/Groups and assign the Security Officer role.
Log in to the appliance CLI as a user with the Administrator role and set the system passphrase using the system passphrase set command.
Steps
From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
On the Storage Encryption tab, click Configure.
The Configure Storage Encryption wizard appears.
On the Algorithm tab, select the required algorithm that must be used to encrypt data at rest.
Select the Apply to existing data check box to indicate if the algorithm must be used to encrypt the existing data as well.
Click Next.
The Key Manager tab appears.
Select the Key Manager Type, as required.
For the Embedded Key Manager type, proceed to step 8.
For a KMIP-compliant Key Manager Type, provide inputs in the text boxes for:
Key Manager Type
Server Name
Port
Key Class
User
Click Next.
If the selected key manager requires certificates, the Certificates tab appears. Otherwise, the Key Rotation Policy tab appears.
In the CA Certificates section, click Add.
NOTE: You can add multiple CA certificates.
The Add CA Certificate dialog box appears.
To add a certificate, do one of the following:
Upload certificate as .pem file:
Select the option Upload the certificate as .pem file.
Click Browse File.
Browse to the location where the certificate is stored on the system and select the file.
Click Select. The certificate is uploaded.
Copy and paste the certificate:
Select the option Copy and paste the certificate below.
Copy and paste the certificate in the text box that is provided.
To delete a CA certificate, select the certificate, and click Delete.
In the Host Certificates section, click Add.
NOTE: You can add one host certificate in the appliance.
The Add Host Certificate dialog box appears.
To add a host certificate, do one of the following:
Upload certificate as .p12 file:
Select the option Upload the certificate as a .p12 file.
Click Browse File.
Browse to the location where the certificate is stored on the system and select the file.
Click Select.
Enter the Password for the .p12 file.
Upload the public key and use a generated private key:
Select the option Upload the public key as a .pem file and use a generated private key.
Click Generate CSR. The Generate CSR dialog box appears.
Provide the required information, and click Generate and Download.
Submit the downloaded .csr file to the Certification Authority. The CA provides a .pem file.
Click Browse File.
Browse to the location where the certificate is stored on the system and select the file.
Click Select. The certificate is uploaded.
Click Add to add the host certificate.
The host certificate is added. The Add button is disabled, and the Delete button is enabled.
To delete a host certificate, select the certificate, and click Delete.
NOTE: The added certificates are applied to the system immediately, even before encryption is completely configured.
Click Next.
The Key Rotation Policy tab appears.
Click the Key Rotation Policy switch to enable it. It is disabled by default.
Set up the key rotation schedule.
You can set up the rotation schedule in months when the Key Manager Type selected is Embedded Key Manager. Otherwise, you can set up the key rotation schedule in weeks.
Click Next.
The Encryption Status tab appears.
Select the Active Tier switch to enable it, and select the individual cloud unit switches to enable encryption on cloud units as well.
Click Next.
The Summary tab appears.
View the summary of the storage encryption details that you have configured. To modify any details, click Edit against the corresponding section.
Click Restart file system to apply changes and confirm the configuration settings.
Provide the Security Officer credentials to configure encryption.
Click Configure to complete configuring storage encryption.
After successful completion of configuring storage encryption, click Done.
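For the Generate CSR option in the Host Certificates step, the .pem file that the CA returns can be checked on a workstation against the downloaded .csr file and the CA certificate before it is uploaded. The following script is an added example, not part of the product documentation or the appliance software; it assumes OpenSSL is installed, and the file names and the check_host_cert and make_demo_pki functions are illustrative.

```shell
#!/bin/sh
# check_host_cert <csr> <issued-cert.pem> <ca.pem>
# Exit status: 0 = ready to upload, 1 = certificate is for a different key pair,
# 2 = does not chain to the CA, 3 = expires within 30 days, 4 = unreadable input.
check_host_cert() {
    chc_csr=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 4
    chc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 4
    # The private key stays on the appliance, so the issued certificate is only
    # usable if it carries the public key from the downloaded CSR.
    [ -n "$chc_csr" ] && [ "$chc_csr" = "$chc_crt" ] || return 1
    # It must validate against the CA certificate added under CA Certificates.
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 2
    # 2592000 s = 30 days; -checkend fails if the certificate expires sooner.
    openssl x509 -in "$2" -noout -checkend 2592000 >/dev/null 2>&1 || return 3
    return 0
}

# Constructed sample data (not appliance output): two throwaway CAs, a stand-in
# for the appliance CSR, and certificates that pass or fail each check.
make_demo_pki() {
    d=$1
    for n in ca rogue; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=demo $n CA" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    for n in host other; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=appliance.example.test" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    sign() {  # sign <csr name> <days> <output name>
        openssl x509 -req -in "$d/$1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days "$2" -out "$d/$3.pem" 2>/dev/null
    }
    sign host 365 host && sign other 365 other && sign host 1 short
}

demo=$(mktemp -d) && make_demo_pki "$demo" || exit 1
for crt in host other short; do
    rc=0
    check_host_cert "$demo/host.csr" "$demo/$crt.pem" "$demo/ca.pem" || rc=$?
    echo "$crt.pem: status $rc"
done
rm -rf "$demo"
```

A non-zero status identifies which check failed, so a certificate issued for the wrong CSR or by an unexpected CA is caught before it is applied to the system.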