MegaRAID Storage Manager Online Help System
Enabling Drive Security Using EKM
External Key Management (EKM) is used for key management when a large number of systems are deployed. You can use it to automate and manage the life cycle of keys, and also to unlock configurations.
Another important feature of EKM is that you can use it without human intervention to perform operations such as drive migration and controller replacement.
MegaRAID accomplishes the task of obtaining keys by interacting with the EKM agent. The EKM agent talks to the EKM server (EKMS) through a network and gets the security key for the controller.
Keys are retrieved or created to perform the following tasks.
You can perform the following configurations to enable drive security and create secure virtual drives (VDs) using EKM mode with the support of EKM servers.
Supporting EKM Mode
When you choose EKM for drive security and configure it where EKM mode is supported and EKMS is present, the application behaves differently depending on the scenario that applies at that time.
The first scenario occurs when EKM is enabled, and the second scenario occurs when EKM is enabled and EKMS is present. The details of this scenario are described further in this section.
Perform the following steps to configure drive security when EKM mode is supported and EKMS is present. To configure this option, you must select EKM from the Drive Security Choose Mode wizard. To open this wizard, use any of the following options:
- Select the Physical View tab in the left panel of the MegaRAID Storage Manager window, and click a controller icon.
- Select Go To -> Controller -> Enable Drive Security in the menu bar or right-click on the controller icon, and click Enable Drive Security from the menu.
- The Drive Security Choose Mode wizard appears, as shown in the following figure.
Figure 91 Drive Security Choose Mode
- Select External Key management (EKM).
- Click OK.
After you click OK, one of two scenarios occurs, based on the availability of EKMS.
Scenario # 1
EKM is enabled
When EKM is enabled, a confirmation message appears, as shown in the following figure. The message confirms that security is enabled on the controller using EKMS.
Figure 92 Confirm External Key Management Mode Enabled
In the right-hand frame of the controller properties, under Drive Security Properties, EKM supported shows 'Yes'.
Scenario # 2
EKM is selected, and EKMS is not present
When EKM is selected and EKMS is not present, you have to restart the system. When you restart the system, the system restart message appears as shown in the following figure.
Figure 93 System Restart
When the system restarts, the boot agent generates the security keys for the controller.
If the MSM application does not support EKM, the EKM option is greyed out.
Change Security Settings - LKM
When you select Change Security Settings in the Change Security wizard, as shown in Figure 94, you are given two options. If you select the first option, Change current security settings, you can change the drive security settings on the controller. If you select the second option, Switch to External Key Management (EKM) mode, you can switch from LKM mode to EKM mode.
Use any of the following options to enable the Change Security Settings wizard.
- Select the Physical View tab in the left panel of the MegaRAID Storage Manager window, and click a controller icon.
- Select Go To -> Controller -> Enable Drive Security in the menu bar or right-click on the controller icon, and click Enable Drive Security from the menu.
The Drive Security Choose Mode wizard appears, as shown in the following figure.
Figure 94 Change Security Settings
- Select the Change current security settings option in Figure 94, if you want to change the drive security settings on the controller using the LKM mode.
- Select Switch to External key management (EKM) mode, if you want to switch over from LKM mode to EKM mode.
- Click OK.
After you click OK, you will get the authentication drive security key. This key is generated internally by the system.
DB09-000202-04 37857-02 Rev. E October 2010 Copyright © 2010 by LSI Corporation. All rights reserved. You can find a list of the LSI U.S. distributors, international distributors, sales offices, and design resource centers on the LSI web site at: http://www.lsi.com/cm/ContactSearch.do