Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

PowerProtect Data Manager Appliance 5.15.0.0 Administrator's Guide for DM5500

PDF

Configure Backup Data Encryption

You can enable encryption of backup data at rest using the selected algorithm and key manager. The backup data encryption feature uses DELL BSAFE libraries, which are FIPS 140-2 validated.

Prerequisites

In a new system, the following prerequisites must be met to configure storage encryption in the appliance:

  • Security Officer user is created. See Configure a local Security Officer role user for more information.
  • Go to Administration- > Access Control > User/Groups and assign Security office role.
  • Login to appliance CLI using user the Administrator role and set the system passphrase using the system passphrase set command.

Steps

  1. From the left navigation pane, select Infrastructure > Storage.
    The Storage window appears.
  2. On the Storage Encryption tab, click Configure.
    The Configure Storage Encryption wizard appears.
  3. On the Algorithm tab, select the required algorithm that must be used to encrypt data at rest.
  4. Select the Apply to existing data check box to indicate if the algorithm must be used to encrypt the existing data as well.
  5. Click CertificatesNext.
    The Key Manager tab appears.
  6. Select the Key Manager Type, as required.
    In case of Embedded Key Manger type, proceed to step 8.
  7. For KMIP-compliant Key Manager Type provide inputs in the text boxes for:
    1. Key Manager Type
    2. Server Name
    3. Port
    4. Key Class
    5. User
  8. Click Next.
    If the selected key manager requires certificates, the Certificates tab appears. Otherwise, the Key Rotation Policy tab appears.
    1. In the CA Certificates section, click Add.
      NOTE:You can add multiple CA certificates.
      The Add CA Certificate dialog box appears.
    2. To add a certificate, do one of the following:
      • Upload certificate as .pem file:
        1. Select the option Upload the certificate as .pem file.
        2. Click Browse File.
        3. Browse the location where the certificate is stored on the system and select the file.
        4. Click Select. The certificate is uploaded.
      • Copy and paste the certificate:
        1. Select the option Copy and paste the certificate below.
        2. Copy and paste the certificate in the text box that is provided.
    3. To delete a CA certificate, select the certificate, and click Delete.
    4. In the Host Certificates section, click Add.
      NOTE:You can add one host certificate in the appliance.
      The Add Host Certificate dialog box appears.
    5. To add a host certificate, do one of the following:
      • Upload certificate as .p12 file:
        1. Select the option Upload the certificate as a .p12 file.
        2. Click Browse File.
        3. Browse the location where the certificate is stored on the system and select the file.
        4. Click Select.
        5. Enter the Password for the .p12 file.
      • Upload the public key and use generate private key:
        1. Select the option Upload the public key as a .pem file and use a generate private key.
        2. Click Generate CSR. The Generate CSR dialog box appears.
        3. Provide the required, and click Generate and Download.
        4. Submit the downloaded .csr file to Certification Authority. The CA provides a .pem file.
        5. Click Browse File.
        6. Browse the location where the certificate is stored on the system and select the file.
        7. Click Select. The certificate is uploaded.
    6. Click Add to add the host certificate.
      The host certificate is added. The Add button is disabled, and Delete button is enabled.
    7. To delete a host certificate, select the certificate, and click Delete.
    NOTE:The added certificates are immediately applied to the system even before to completely configure encryption.
  9. Click Next.
    The Key Rotation Policy tab appears.
  10. Click the Key Rotation Policy switch to enable it. It is disabled by default.
  11. Set up the key rotation schedule.
    You can set up the rotation schedule in months when the Key Manager Type selected is Embedded Key Manager. Otherwise, you can set up the key rotation schedule in weeks.
  12. Click Next.
    The Encryption Status tab appears.
  13. Select Active Tier switch to enable it, and select the individual cloud units switch to enable encryption on cloud units as well.
  14. Click Next.
    The Summary tab appears.
  15. View the summary of the storage encryption details that you have configured. To modify any details, click Edit against the corresponding section.
  16. Click Restart file system to apply changes and confirm the configuration settings.
  17. Provide the Security Officer credentials to configure encryption.
  18. Click Configure to complete configuring storage encryption.
    After successful completion of configuring storage encryption, click Done.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\