Configuring the encryption keys settings
These settings are optional.
You can configure the DS-System policy regarding DS-Client encryption keys. This determines if an encrypted copy of the keys is stored in the DS-System database.
If you enable this option, the customer must also configure the option from the DS-Client side. (For more information, see the DS-Client User Guide.)
NOTE: Encryption keys are stored in the DS-System database in an encrypted format. The keys can be used for various tasks, such as creating DS-Client .CRI (Customer Registration Information) files or running system validation on backed up files. Customers should note the security implications.
To configure DS-Client encryption key management:
1. On the Setup menu, click Configuration. The DS-System Configuration dialog box appears on the Defaults tab.
2. Click Encryption Keys.
3. To activate this feature, select Enable DS-Client Encryption Key Management. Configure the following:
• Mandatory Encryption Key Management — DS-System forces all DS-Clients to enable this feature from the first connection. No activities will be allowed until it is enabled on the DS-Client side.
• Forward DS-Client Encryption Keys to BLM Archiver — DS-System also forwards a copy of the keys to the BLM Archiver so they are available in the archive package for validation purposes, and can be exported if required. They will be stored or removed in parallel with the copy in the DS-System database. (This is mainly a double-redundancy feature.)
• Clear All Existing DS-Client Encryption Keys — If you clear the Enable DS-Client Encryption Key Management box, you can choose to clear all existing DS-Client encryption keys from the DS-System database. This will take effect immediately when you click OK or Apply.
4. Click OK or Apply to save the settings.