To Next Page

To Previous Page

772 Implementing the IBM Storwize V5000 Gen2 with IBM Spectrum Virtualize V8.1

12.Confirm that encryption is enabled in Settings → Security → Encryption, as shown in

Figure 13-39. Note the four green checks, which indicate that all four SKLM servers are

detected as available by the system.

Figure 13-39 Encryption enabled with only key servers as encryption key providers

13.4.4 Enabling encryption using both providers

IBM Spectrum Virtualize code V8.1 and later allows parallel use of both key server and USB

flash drive encryption key providers. It is possible to configure both providers in a single run of

encryption enable wizard. To perform such configuration, the system must meet requirements

of both SKLM and USB flash drive encryption key providers.

Spectrum Virtualize supports enabling encryption using an IBM Security Key Lifecycle

Manager (SKLM) key server. SKLM supports Key Management Interoperability Protocol

(KMIP), which is a standard for encryption of stored data and management of cryptographic

keys.

IBM Spectrum Virtualize code V8.1 and later supports up to four key server objects defined in

parallel.

Before you can create the key server object in a storage system, the key server must be

configured. Ensure that you complete the following tasks on the SKLM server before you

enable encryption on the storage system:

1. Configure the SKLM server to use Transport Layer Security version 2 (TLSv2). The default

setting is TLSv1, but IBM Spectrum Virtualize supports only version 2.

2. Ensure that the database service is started automatically on startup.

3. Ensure that there is at least one Secure Sockets Layer (SSL) certificate for browser

access.

4. Create a SPECTRUM_VIRT device group for IBM Spectrum Virtualize systems. A device

group allows for restricted management of subsets of devices within a larger pool.

Important: Make sure that the key management server functionality is fully independent

from storage provided by systems using a key server for encryption key management.

Failure to observe this requirement may create an encryption deadlock. An encryption

deadlock is a situation in which none of key servers in the given environment can become

operational because some critical part of the data in each server is stored on an encrypted

storage system that depends on one of the key servers to unlock access to the data.

Brand

Model

Storwize V5010

IBM Storwize V5010 User Manual

Other manuals for IBM Storwize V5010