Configuring Encryption Key Server Access for Dell EKM

The Web client allows you to configure library access to a primary and optional secondary Dell Encryption Key Manager (EKM) server. For an overview of library managed encryption, see About Library Managed Encryption.

NOTE: If you plan to use different EKM servers for different partitions, you must also fill in the overrides section of the Setup - Partition Encryption screen (Setup > Encryption > Partition Configuration).

NOTE: This operation should not be performed concurrently by multiple administrative users logged in from different locations. You can access the appropriate screens, but you cannot apply changes while another administrative user is performing the same operation.

Users with administrative privileges can configure EKM system settings, but users with user privileges cannot.

  1. From the Setup menu, select Encryption > System Configuration.
  2. Select SSL for EKM Servers if you want to enable Secure Sockets Layer (SSL) for communication between the library and the EKM servers. The default is Disabled. If you enable SSL, you must make sure that the primary and secondary EKM Port Numbers (see below) match the SSL port numbers set on the EKM servers. The default SSL port number is 443.

    NOTE: Keys are always encrypted before being sent from the EKM server to a drive, whether SSL is enabled or not. Enabling SSL provides additional security.

  3. Type the IP address (if DNS is not enabled) or the host name (if DNS is enabled) of the primary EKM server into the Primary EKM IP Address or Host text box.

    NOTE: Only IPv4 and IPv6 addresses are supported on this screen.

  4. Type the port number for the primary EKM server into the Primary EKM Port Number text box. The default port number is 3801 unless SSL is enabled. If SSL is enabled, the default port number is 443.

    NOTE: If you change the port number for the key server from the default setting on the library, you must also change the port number on the actual key server to match, or library managed encryption will not work properly. See your key server user's manual for information on changing the port number on the server.

  5. If you are using a secondary server for failover purposes, type the IP address or host name of the secondary EKM server into the Secondary EKM IP Address or Host text box. If you are not using a secondary EKM server, you may type the IP address 0.0.0.0 in the text box, or you may leave the text box blank.
  6. If you configured a secondary EKM server IP address, type the port number for the secondary server into the Secondary EKM Port Number text box. The default port number is 3801 unless SSL is enabled. If SSL is enabled, the default port number is 443.

    NOTE: If you are using a secondary key server, then the port numbers for both the primary and secondary key servers must be set to the same value. If they are not, synchronization and failover will not occur.

  7. Click Apply.

    The Progress Window appears. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:

  8. Save the library configuration.

    For instructions on how to save the library configuration, see Saving the Configuration.

You may also access the EKM Path Diagnostics from this screen. For more information, see Encryption Key Manager Path Diagnostics.
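
The port and address rules in the procedure above can be checked against a planned configuration before the values are typed into the Web client. The following Python sketch is an added example, not Dell code; the plan layout, the field names (including server_port, the port recorded from the key server itself) and the sample addresses are assumptions made for illustration.

```python
import ipaddress

DEFAULT_PORT, DEFAULT_SSL_PORT = 3801, 443  # defaults stated on this page

def is_unused(host):
    """A blank entry or 0.0.0.0 means no secondary server is configured."""
    return host is None or host.strip() in ("", "0.0.0.0")

def is_ip(host):
    """True for an IPv4 or IPv6 literal, False for anything else."""
    try:
        ipaddress.ip_address(host.strip())
        return True
    except ValueError:
        return False

def validate(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    default = DEFAULT_SSL_PORT if plan["ssl"] else DEFAULT_PORT
    primary = plan["primary"]
    if is_unused(primary.get("host")):
        return ["primary: an address or host name is required"]
    servers = [("primary", primary)]
    secondary = plan.get("secondary") or {}
    if not is_unused(secondary.get("host")):
        servers.append(("secondary", secondary))
    ports = []
    for label, srv in servers:
        if not plan["dns_enabled"] and not is_ip(srv["host"]):
            problems.append(f"{label}: {srv['host']!r} is a host name but DNS is disabled")
        port = srv.get("port", default)              # value typed into the library
        on_server = srv.get("server_port", default)  # value set on the key server
        if port != on_server:
            problems.append(f"{label}: library port {port} != key server port {on_server}")
        ports.append(port)
    if len(set(ports)) > 1:
        problems.append("primary and secondary ports differ; "
                        "synchronization and failover will not occur")
    return problems

# Constructed sample plan (documentation addresses, not values from this page).
SAMPLE = {
    "ssl": True, "dns_enabled": False,
    "primary": {"host": "192.0.2.10", "port": 3801, "server_port": 443},
    "secondary": {"host": "2001:db8::10", "port": 443, "server_port": 443},
}

if __name__ == "__main__":
    for line in validate(SAMPLE) or ["plan is consistent"]:
        print(line)
```

The sample plan enables SSL but leaves the primary port at 3801, so the check reports both the library/server mismatch and the primary/secondary mismatch.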
