Configuring Encryption Key Manager Server Access

The Web client allows you to configure library access to a primary and optional secondary Dell Encryption Key Manager (EKM) server. For an overview of library managed encryption, see About Library Managed Encryption.

NOTE: If you plan to use different EKM servers for different partitions, you must also fill in the overrides section of the Setup - Partition Encryption screen (Setup > Encryption > Partition Configuration).

NOTE: This operation should not be performed concurrently by multiple administrative users logged in from different locations. You can access the appropriate screens, but you cannot apply changes while another administrative user is performing the same operation.

Users with administrative privileges can configure EKM system settings, but users with user privileges cannot.

  1. From the Setup menu, select Encryption > System Configuration.

    The currently configured settings are listed under EKM Server Settings.

  2. Select SSL for EKM Servers if you want to enable Secure Sockets Layer (SSL) for communication between the library and the EKM servers. The default is Disabled. If you enable SSL, you must make sure that the primary and secondary EKM Port Numbers (see below) match the SSL port numbers set on the EKM servers. The default SSL port number is 443.

    NOTE: Keys are always encrypted before being sent from the EKM server to a drive, whether SSL is enabled or not. Enabling SSL provides additional security.

  3. Type the IP address (if DNS is not enabled) or the host name (if DNS is enabled) of the primary EKM server into the Primary EKM IP Address or Host text box.

    NOTE: Only IPv4 and IPv6 addresses are supported on this screen.

  4. Type the port number for the primary EKM server into the Primary EKM Port Number text box. The default port number is 3801.

    NOTE: Port number 3801 is the default for non-SSL communication between the library and the EKM servers. If you enabled SSL (see above) you must change this port number to the same SSL port number that is configured on the EKM server. The default SSL port number is 443.

  5. If you are using a secondary server for failover purposes, type the IP address or host name of the secondary EKM server into the Secondary EKM IP Address text box. If you are not using a secondary EKM server, you may leave the default zero IP address, 0.0.0.0, in the Secondary EKM IP Address text box, or you may leave the text box blank.

  6. If you configured a secondary EKM server IP address, type the port number for the secondary EKM server into the Secondary EKM Port Number text box. This port number must be the same as the Primary EKM Port Number in order for synchronization and failover to work. The default port number is 3801.

    NOTE: Port number 3801 is the default for non-SSL communication between the library and the EKM servers. If you enabled SSL for EKM Servers (see above) you must change this port number to the same SSL port number that is configured on the EKM server. The default SSL port number is 443.

  7. Click Apply.

    The Progress Window appears. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:

  8. Save the library configuration.

    For instructions on how to save the library configuration, see Saving the Configuration.
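
The address and port rules from steps 2 through 6 can be checked against a planned set of values before they are typed into the screen. The following is an added example, not Dell code; the dictionary keys, the `ekm_ssl_port` parameter and the sample addresses are assumptions made for illustration.

```python
import ipaddress

DEFAULT_PORT = 3801      # page: default for non-SSL library-to-EKM traffic
DEFAULT_SSL_PORT = 443   # page: default SSL port on the EKM servers

def is_ip(host):
    """True for an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def unused(host):
    """Step 5: a blank box or 0.0.0.0 means no secondary server."""
    return host is None or host.strip() in ("", "0.0.0.0")

def check_host(label, host, dns_enabled, findings):
    # Steps 3 and 5: a host name is only usable when DNS is enabled.
    if not dns_enabled and not is_ip(host):
        findings.append(f"{label}: host name used but DNS is not enabled")

def check_ekm_settings(s, ekm_ssl_port=DEFAULT_SSL_PORT):
    """Return findings for a planned settings dict (keys are hypothetical)."""
    findings = []
    if unused(s.get("primary_host")):
        findings.append("primary: IP address or host name is required")
    else:
        check_host("primary", s["primary_host"], s["dns_enabled"], findings)
    port = s.get("primary_port", DEFAULT_PORT)
    if s["ssl"] and port != ekm_ssl_port:
        # Steps 2 and 4: with SSL on, the port must be the servers' SSL port.
        findings.append(f"primary: SSL enabled but port {port} is not {ekm_ssl_port}")
    if not s["ssl"]:
        findings.append("info: SSL is disabled (the default)")
    if not unused(s.get("secondary_host")):
        check_host("secondary", s["secondary_host"], s["dns_enabled"], findings)
        # Step 6: ports must match for synchronization and failover.
        if s.get("secondary_port", DEFAULT_PORT) != port:
            findings.append("secondary: port differs from primary port")
    return findings

# Constructed sample: SSL switched on but the default port 3801 left in place.
PLANNED = {"ssl": True, "dns_enabled": False,
           "primary_host": "192.0.2.10", "primary_port": 3801,
           "secondary_host": "ekm2.example.test", "secondary_port": 443}

if __name__ == "__main__":
    for finding in check_ekm_settings(PLANNED):
        print(finding)
```

Pass the SSL port actually configured on the EKM servers as `ekm_ssl_port` if it is not 443.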
