Chapter 13. Encryption 765
7. You receive a message confirming that the encryption is now enabled on the system, as
shown in Figure 13-28.
Figure 13-28 Encryption enabled message using USB flash drives
8. You can confirm that encryption is enabled, as well as verify which key providers are in
use, by going to Settings → Security → Encryption, as shown in Figure 13-29.
Figure 13-29 Encryption view showing using USB flash drives as the enabled provider
13.4.3 Enabling encryption using key servers
A key server is a centralized system that receives and then distributes encryption keys to its
clients, including IBM Spectrum Virtualize systems.
IBM Spectrum Virtualize supports use of an IBM Security Key Lifecycle Manager (SKLM) key
server as an encryption key provider. SKLM supports Key Management Interoperability
Protocol (KMIP), which is a standard for management of cryptographic keys.
IBM Spectrum Virtualize code V8.1 and later supports up to 4 key server objects defined in
parallel.
Note: Make sure, that the key management server functionality is fully independent from
storage provided by systems using a key server for encryption key management. Failure to
observe this requirement may create an encryption deadlock. An encryption deadlock is a
situation in which none of key servers in the given environment can become operational
because some critical part of the data in each server is stored on a storage system that
depends on one of the key servers to unlock access to the data.
To Next Page
Loading...
Need help?
General