Table of ContentsView in Frames

Information to collect before configuring Storage Encryption

You must gather certain information to successfully set up Storage Encryption on your storage system.

Information to collect Details Required Optional
Network interface name You must provide the name of the network interface the storage system should use to communicate with external key management servers.
Note: Do not configure 10-Gigabit network interfaces for communication with key management servers.
x  
Network interface IP address You must provide the IP address of the network interface. This IP address can be in either IPv4 or IPv6 format. x  
IPv6 network prefix length For IPv6 addresses, you must provide the network prefix length. You can either provide it by appending a slash (/) and the network prefix length directly to the IPv6 address when entering it, or you can enter the network prefix length separately when prompted after entering the address. x  
Network interface subnet mask You must provide the subnet mask of the network interface. x  
Network interface gateway IP address You must provide the IP address for the network interface gateway. x  
IP addresses for external key management servers You must link the storage system to at least one external key management server during setup. You should add two or more external key management servers to prevent having a single point of failure. If you add only one external key management server and it fails, you can lose access to your data.

If you specify IPv6 addresses for external key management servers, you must also provide an IPv6 address for the storage system network interface.

x  
IP address for additional external key management servers You can link the storage system to multiple additional external key management servers during setup for redundancy.   x
Port number for each external key management server You must provide the port number that each key management server listens on. The port number must be the same for all key management servers. x  
Public SSL certificate for storage system You must provide a public SSL certificate for the storage system to link it to the external key management server. x  
Private SSL certificate for storage system You must provide a private SSL certificate for the storage system. x  
Public SSL certificate for external key management servers You must provide a public SSL certificate for each external key management server to link it to the storage system. x  
Key tag name You can provide a name that is used to identify all keys belonging to a particular storage system. The default key tag name is the system's host name.   x