- Notes, cautions, and warnings
- Preface
- Introduction
- Access Control
- Access control settings
- Security for management access
- Authentication
- Authorization
- Component access controls
- Data security settings
- Password policy
- Physical security controls
- Login banner and message of the day
- Logging
- Communication Security
- Communication security settings
- Port usage
- Ports used by Unisphere components on VNX for block
- How VNX for file works on the network
- Network encryption
- Management support for TLS communications on VNX2 systems
- SSL certificates
- Planning considerations for Public Key Infrastructure on VNX for file
- IP packet reflect on VNX for file systems
- Effect of filtering management network
- vSphere Storage API for Storage Awareness (VASA) support
- Special configurations
- Secure Remote Procedure Call
- Other security considerations
- Data Security Settings
- Data at Rest Encryption overview
- Data at Rest Encryption feature activation
- Encryption status
- Backup keystore file
- Data in place upgrade
- Hot spare operations
- Adding a disk drive to a VNX with encryption activated
- Removing a disk drive from a VNX with encryption enabled
- Replacing a chassis and SPs from a VNX with encryption enabled
- Security Maintenance
- Advanced Management Capabilities
- Secure deployment and usage settings
- TLS cipher suites
- LDAP-based directory server configuration
- VNX for file CLI role-based access
- VNX for file CLI security configuration operations
- Configuring password policy
- Configuring session timeout
- Protect session tokens
- Configuring network encryption and authentication using the SSL protocol
- Configuring PKI
- Creating the certificate provided by the persona
- Using the Control Station as the CA
- Obtaining CA certificates
- Generate a key set and certificate request
- Send the certificate request to the CA
- Import a CA-signed certificate
- List the available CA certificates
- Acquire a CA certificate
- Import a CA certificate
- Generate a new Control Station CA certificate
- Display the certificate
- Distribute the Control Station CA certificate
- Request and Install Customer-Supplied Certificates for Control Station
- Managing PKI
- Customize a login banner
- Create a MOTD
- Restrict anonymous root login
- Locking accounts after a specific number of failed logins
- VNX for block SSL certificate import
EMC® VNX® Series Security Configuration Guide for VNX
Backup keystore file
A new component, referred to as the VNX Key Management Server, is responsible for generating, storing and otherwise managing the encryption keys for the system. The keystore that is generated to store the keys resides on a managed LUN in private space on the system. Keys are generated or deleted in response to notifications that a RAID group /disk drive have been respectively added or removed.
Changes to the configuration of the system that result in changes to the keystore generate alerts that recommend key backups be created. When an operation that results in a change to the keystore occurs, an alert appears and persists until the keystore has been retrieved from the system for backup.
NOTE:EMC strongly recommends that you backup the generated keystore file to another location which is external to the system where the keystore can be kept safe and secret. In the event that the keystore on the system is corrupted, the system will be nonfunctional. The system will enter a degraded state, only the operating system boots. In this state, attempts to access the system through Unisphere will return an error indicating that the keystore is in an inaccessible state. In this, case the backup keystore file and a service engagement are required for resolution.
A user role of administrator, storageadmin, or sanadmin is required to backup the keystore file.
To backup the keystore file to a location that is external to the system where the keystore can be kept safe and secret, select System and, from the task list under Wizards, select Backup Keystore File. The dialog box that appears directs you through the steps to backup the generated keystore file.
NOTE:As an alternative, use the VNX for block CLI command
securedata -backupkeys -retrieve to backup the keystore file to a location that is external to the system where the keystore can be kept safe and secret. See the
VNX Series Command Line Interface Reference for Block for detailed information about this CLI command.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\