This article explains how to create a symmetric encryption key in the Vormetric Data Security Manager (DSM).


Video Tutorial

...

Video: https://www.youtube.com/watch?v=C1al7q-7b3E


Prerequisites

...

Before you begin, you must be able to:  

  • Access your SSL VPN account and connect to your Armor environment.

  • Access the DSM configuration provisioning ticket in the Armor Management Portal (AMP).

    • This ticket contains the necessary administrator credentials and the public IP address for the DSM.

  • Access the DSM and log in as a Security Administrator.


Create a Symmetric Encryption Key

...

  1. Log in as the Security Administrator.

  2. At the top, click Keys. For the purpose of this exercise, you can disregard the drop-down menu items.


  3. After you click Keys, the window below appears. For now, the only key that should appear is clear_key.

...




...


  1. Click Add on either the top or bottom of the window.

...



  2. In Name, enter a descriptive name. This name appears when you search through the list of keys used in your policies. This name also appears in your host if you run the secfsd -status ... GuardPoint command.

...




  2. (Optional) In Description, enter additional details for identification and usage purposes.

  3. In Template, the default selection is Choose One. Armor recommends that you keep the default selection.

...



  2. In Algorithm, there are the AES256 and AES128 options. For your reference, Advanced Encryption Standard with a 256-bit key (AES256) has a higher level of data security than the DSM default of AES128, while still maintaining low performance overhead.

...




  2. In Key Type, select where you want to store the key. There are two options.

    • Stored on Server is the more secure option, where the key is stored exclusively on the DSM. Each time the key is needed, the host retrieves it. While this is the more secure option, there are some disadvantages. If the host reboots or loses contact with the DSM, the host will not have the key in persistent memory to unlock the GuardPoints until connectivity is restored.

    • Cached on Host stores a copy of the key (in an encrypted form) to persistent memory on the host. With this option, it is possible to unlock the GuardPoints before connectivity is restored. This option is the more commonly used selection.

  1. (Optional) You can check the Unique to Host box if you want to restrict the key usage to a single host. This option is not commonly used because backups and restores are more complicated when you manage multiple keys.

  2. In Key Creation Method, the default selection is Generate. Armor recommends that you keep the default selection. This option automatically generates a key using a random seed.

    • The other option, Manual Input, generates a key using an imported file and is rarely used.

  3. In Expiry Date, you can set the expiration date and a reminder to rekey at a specified time. This option is rarely used; however, this option may be needed to fulfil stricter compliance mandates.

  4. In Key Refreshing Period (minutes), the default selection is 10080. Armor recommends that you keep the default selection.



Next Step:  Vormetric Policy Planning

...
