Adding a Key Management Interoperability Protocol Server

You can add or modify a Key Management Interoperability Protocol server from the Command Center.

Note

If you configure the CommServe LiveSync feature in the CommCell environment, then you must copy the key management server certificates to all the nodes under the same path.

Before You Begin

  • Certificate and certificate keys must be in PEM encoded format.

  • Commvault software uses the following custom attributes. Ensure that the KMIP server supports these custom attributes. Otherwise, contact your KMIP server vendor.

    Attribute Name

    Attribute Type

    CommVaultCommCell

    String

    CommVaultCommCellGUID

    String

    CommVaultStoragePolicy

    String

    CommVaultStoragePolicyCopy

    String

    CommVaultStoragePolicyCopyId

    Integer

    FirstRetrieveTimestamp

    Date/Time

    LastRetrieveTimestamp

    Date/Time

Procedure

  1. From the navigation pane, go to Manage > Security.

    The Security page appears.

  2. Click the Key management servers tile.

    The Key management servers page appears.

  3. Click Add at the top right, and then select KMIP.

    The Add KMIP dialog box appears.

  4. Enter the following information:

    • Name: Enter the name of the key provider.

    • Key length: Select the key length to use with the Advanced Encryption Standard (AES) Rijndael cipher.

    • Server: Enter the IP address or the hostname of the third-party key management server.

      If the server is a cluster server, then specify the IP addresses or the hostnames of all the servers in the cluster, separated by a comma.

      Note: If you use third-party key management servers, and you decide to migrate clients from one CommCell environment to another CommCell environment, then both the source CommCell environment and the destination CommCell environment must use the same third-party key management server.

    • Port: Enter the port that is used by the key management server.

      If the server is a cluster server, then all the servers in the cluster must use the same port.

    • Passphrase: If you set a passphrase when you generated the certificate, then enter the passphrase.

    • Certificate: Select the location of the client certificate.

      Examples of certificate locations:

      For SafeNet, enter the location: C:\Certificates\client.crt.

      For Vormetric, enter the location C:\Certificates\client.pem.

    • Certificate key: Select the location of the client certificate key.

      Examples of certificate key locations:

      For SafeNet, enter the location C:\Certificates\clientkey.

      For Vormetric, enter the location C:\Certificates\client_private.pem.

    • CA Certificate: Select the location of the key management server certificate authority (CA) certificate.

      Examples of CA certificate locations:

      For SafeNet, enter the location: C:\Certificates\Local_CA.crt.

      For Vormetric, enter the location C:\Certificates\1.2.3.4_CA.pem.

  5. To use the Access Node, complete the following steps:

    1. Move Use Access Node toggle key to the right, and then click Add.

      The Access node dialog box appears.

    2. From the Access Node list, select the MediaAgent that you want to use as an access node.

    3. From the Authentication Type list, select an authentication type, and provide any additional information requested.

    4. Click Submit.

  6. Click Submit.

Loading...