Configure the Key Management Interoperability Protocol (KMIP) settings in Thales
CipherTrust Manager server.
About this task
IBM Fusion HCI System with IBM Spectrum® Storage Scale Erasure Code Edition (ECE) does not support the Thales or Vormetric
CipherTrust Manager, and that the current encryption CR implementation in CNSA or IBM Fusion HCI System works only with IBM Security GKLM (with
simplified setup).
Procedure
-
If KMIP client does not exist, then create it.
- From the Thales CipherTrust Manager user interface, select
.
- Add the username location to the Common Name (CN) field during profile
creation.
- Create a token.
- Go to .
- Copy the token for the next step.
- Register the client.
- Go to .
- Specify the name.
- Paste the Registration Token from the previous
step.
- Click Save.
- To download the Private Key and Client Certificate, click Save
Private Key and Save Certificate respectively.
- Create a KMIP interface.
- Go to .
- Select KMIP Key Management Interoperability Protocol and click
Next.
- Select an available Port.
- Select Network Interface as
all.
- Select Interface Mode for TLS. Verify
client certificate and the username that is taken from the client certificate. The auth request is
optional.
- Select the CA to be used, and click Save.
- To get the server CA certificate, click ellipsis overflow menu of the newly
created interface, and click Download Certificate.
Whenever you
configure encryption from the IBM Fusion user
interface, use these downloaded files.