766 Implementing the IBM Storwize V5000 Gen2 with IBM Spectrum Virtualize V8.1
Before you can create a key server object in the storage system, the key server must be
configured. Ensure that you complete the following tasks on the SKLM server before you
enable encryption on the storage system:
Configure the SKLM server to use Transport Layer Security version 2 (TLSv2). The default
setting is TLSv1, but IBM Spectrum Virtualize supports only version 2.
Ensure that the database service is started automatically on startup.
Ensure that there is at least one Secure Sockets Layer (SSL) certificate for browser
access.
Create a SPECTRUM_VIRT device group for IBM Spectrum Virtualize systems.
For more information about completing these tasks, see SKLM documentation at IBM
Knowledge Center at:
https://www.ibm.com/support/knowledgecenter/SSWPVP
Access to the key server storing the correct master access key is required to enable
encryption for the cluster after a system restart such as a system-wide reboot or power loss.
Access to the key server is not required during a warm reboot, such as a node exiting service
mode or a single node reboot. The data center power-on procedure must ensure key server
availability before storage system using encryption is booted.
To enable encryption using a key server follow these steps:
1. Ensure that you have service IPs configured on all your nodes.
2. In the Enable Encryption wizard Welcome tab, select Key servers and click Next, as
shown in Figure 13-40.
Figure 13-30 Selecting Key server as the only provider in the Enable Encryption wizard
To Next Page
Loading...
Need help?
General