Key Management Servers

DataCore SANsymphony supports the use of key management servers (KMS) through the Key Management Interoperability Protocol (KMIP). KMIP, in turn, uses Transport Layer Security (TLS) and certificates to set up a Secure Sockets Layer (SSL) connection for communication between DataCore Servers and a key management server.

By default, the key management server configuration will be applied to all DataCore Servers in the same server group.

Requirements

Connecting to a key management server requires the following:

  • IP address of the key management server
  • User name and password for an account with appropriate access to acquire the certificates to be used by KMIP. The password for the user account will be encrypted before being saved in DataCore SANsymphony.

Enabling Key Management

You can configure the key management servers for DataCore SANsymphony in two ways:

  • DataCore SANsymphony PowerShell Cmdlets: See Set-DcsKMIPEndpointProperties in the DataCore Cmdlet Reference Guide.
  • DataCore Management Console: On the Server Group Setting tab, expand Encryption Key Management and select the KMIP key management check box; once it is selected, the remaining fields become active. The Test Address button tests the connection from each DataCore Server to the configured key management server.

To configure a key management server from the Server Group Details page:

  1. Click the Server Group Setting tab and expand the Encryption Key Management section.

  2. Select the KMIP key management check box.
  3. In the KMS server address field, enter the IP address for the key management server.

    Use the Test Address button to test the connection from each DataCore Server to the configured key management server.

  4. In the User name and Password fields, enter the credentials for the account to be used by KMIP.
  5. Click Apply to save your changes.