Setting Up An External Key Manager

This is the procedure for setting up the external key manager on the array group. To add the array group as a client, see the external key manager documentation.
  1. Go to Administration > Security > Encryption.
  2. Click External Key Manager, and then click Add Key Manager.
  3. Complete the fields as needed for your environment.
    Option Description
    Name The human-friendly name of the External Key Manager.
    Description Additional context.
    Hostname or IP Address The Hostname or IP of the External Key Manager.
    Port The number of the port over which the External Key Manager and the Array communicate.
    NOTE: Ensure that the array can access the External Key Manager with the provided Hostname or IP on the specified port. The default TCP port for KMIP is 5696.
    Protocol The KMIP protocol used by the External Key Manager. This allows you to select the version, such as 1.0, 1.1, 1.2, or 1.3, of the KMIP protocol used by the External Key Manager.
    Username / Password The credentials necessary to access the External Key Manager.
After you have added the new External Key Manager, on startup, the array by way of GMD requests the Master Encryption Key from the External Key Manager. If mutual authentication is successful, the array receives the Master Encryption Key and the remaining keys that are used to unlock the volumes, clones, and replications.