Chapter 11
Solution Configuration
11.4
Security
●
Configuration Procedure
Audit log transmission
Perform the following settings with the ETERNUS AF:
Audit log setup
•
Use ETERNUS Web GUI to specify the message format of audit logs that are sent and specify the domain
name or the IP address for the Syslog server that receives these logs.
For details on the settings for a Syslog server that receives audit logs, refer to the manuals of the Syslog
management software.
Key management server linkage
Settings for the ETERNUS AF
•
Register the following information with ETERNUS Web GUI.
SED authentication key registration
-
Register the key that is managed in the ETERNUS AF (common key).
Self-signed SSL certificate creation
-
Create a self-signed SSL certificate as the SSL certificate of the ETERNUS AF to establish communication
between the ETERNUS AF and the key server.
Key management device name setup
-
Specify the name (machine ID) of the ETERNUS AF that is used for key management.
-
Key server setup
Specify the FQDN or the IP address of the key server that is linked.
Key group creation
-
Create a key group to register the RAID groups that use the same key.
SSL/KMIP server certificate import
-
Register the SSL/KMIP server-side certificate that is exported from the key server in the ETERNUS AF.
SED authentication key update
-
Obtain the key that is set to the key group from the server.
Creating the key group
-
Register the RAID groups that use the same key in the key group.
Settings for ETERNUS SF KM
•
Register the following information in the key server (ETERNUS SF KM):
SSL certification registration
-
Perform the setting to use the self-signed SSL certificate of the ETERNUS AF in order to provide the key.
-
Network setting
Add the IP address and the host name of the ETERNUS AF in the hosts file.
Specifying the ETERNUS AF that is the target for management
-
Specify the group name that is registered in the ETERNUS AF and the name (machine ID) of the ETERNUS
AF that is set for key management.
To complete the settings for the ETERNUS AF and ETERNUS SF KM, the certificate for the ETERNUS AF must be
registered in ETERNUS SF KM. The certificate for ETERNUS SF KM must also be registered in the ETERNUS AF.
For details on the setting procedures and setting items, refer to "ETERNUS SF KM Installation Guide".
FUJITSU Storage ETERNUS AF250 S2, ETERNUS AF250 All-Flash Arrays Configuration Guide (Basic)
Copyright 2017 FUJITSU LIMITED
169
P3AG-1832-04ENZ0