![]() |
MegaRAID Storage Manager Online Help System |
Enabling Drive Security Using EKM
EKM is used for key management when a large number of systems are deployed. You can automate and manage the life cycle of keys and unlock configurations using EKM.
Another important feature of EKM is that you can use EKM without human intervention to perform operations like drive migration and controller replacement.
MegaRAID accomplishes the task of obtaining keys by interacting with the EKM agent. The EKM agent talks to the EKM server (EKMS) through a network and gets the security key for the controller.
Keys are retrieved or created to perform the following tasks.
You can perform the following configurations to enable the drive security to create secure virtual drives using the EKM mode with the support of EKM servers.
- EKM mode is supported by the MegaRAID Storage Manager software and EKMS is present.
- EKM mode is supported by the MegaRAID Storage Manager software and EKMS is not present.
- Change current security settings or switch between modes.
- Change security settings when the user is in EKM and wants to switch to LKM.
- Import Foreign Drives.
Supporting EKM Mode
When you choose EKM for drive security, and decide to configure when EKM mode is supported, and EKMS is present, the application responds to different behaviors based on the scenarios that take place at that particular time.
The first scenario occurs when EKM is enabled, and the second scenario occurs when EKM is enabled and EKMS is present. The details of these scenarios are described further in this section.
Perform the following steps to configure, EKM mode is supported, and EKMS is present.
- Select the Physical tab in the left panel of the MegaRAID Storage Manager window, and select a controller icon.
- Choose any one of the following options to arrive at the Drive Security Choose Mode wizard.
- Select Go To> >Controller>>Enable Drive Security in the main navigation bar in the top portion of the MegaRAID Storage Manager window.
- Right-click the controller icon, and click Enable Drive Security menu.
The Drive Security Choose Mode wizard appears, as shown in the following figure.Figure 128 Drive Security Choose Mode
- Select External Key management (EKM).
- Click OK.
After you click OK, two scenarios occur based on the availability of EKMS.Scenario # 1 - EKM is enabled
When EKM is enabled, you can see the confirmation message as shown in the following figure. The message displayed ensures that security is enabled on the controller using EKMS.
Figure 129 Confirm External Key Management Mode Enabled
On the right hand side frame of the controller properties, in Drive Security Properties, you can see the key management mode is EKM.
Scenario # 2 - EKM is selected, and EKMS is not present
When EKM is selected and EKMS is not present, you have to restart the system. When you restart the system, the system restart message appears as shown in the following figure.
Figure 130 System Restart
When the system restarts the boot agent generates the security keys for the controller.
If the MegaRAID Storage Manager application does not support EKM, the EKM option is greyed out.
Change Security Settings - LKM
When you select the Change Security Settings in the Change Security wizard, as shown in the following figure, two options are provided for you. If you select the first option, Change current security settings, you can change the drive security settings on the controller. If you select the second option, Switch to External Key Management (EKM) mode, you can switch from LKM mode to EKM mode.
Use any of the following options to enable the Change Security Settings wizard.
- Select the Physical View tab in the left panel of the MegaRAID Storage Manager window, and click a controller icon.
- Select Go To -> Controller -> Change Security Settings in the menu bar or right-click on the controller icon, and click Change Security Settings from the menu.
The Drive Security Choose Mode wizard appears, as shown in the following figure.Figure 131 Change Security Settings
- Select the Change current security settings option, if you want to change the drive security settings on the controller using the LKM mode.
- Select Switch to External key management (EKM) mode, if you want to switch over from LKM mode to EKM mode.
- Click OK.
After you click OK and have switched to the EKM mode, the Authentication Drive Security Key dialog appears.
DB09-000202-05 37857-02 Rev. F May 2011 Copyright© 2011 by LSI Corporation. All rights reserved. You can find a list of the LSI U.S. distributors, international distributors, sales offices, and design resource centers on the LSI web site at: http://www.lsi.com/cm/ContactSearch.do |