Dell PowerEdge SEKM

docs/documentation/platform/kms/kmip-dell-poweredge.mdx


This guide walks you through setting up Secure Enterprise Key Management (SEKM) on Dell PowerEdge servers with iDRAC to encrypt Self-Encrypting Drives (SEDs) using Infisical as your key management server.

Prerequisites

  • Infisical KMIP server deployed and running (see KMIP Integration)
  • Dell PowerEdge server with iDRAC Enterprise license
  • SEKM license installed on iDRAC
  • Network connectivity between iDRAC and KMIP server on port 5696

Integration Steps

<Steps>
<Step title="Create a KMIP Client in Infisical">
In your KMS project, navigate to **KMIP** and create a KMIP client for the iDRAC.
</Step>
<Step title="Configure SEKM on iDRAC">
1. Log into the iDRAC web interface
2. Navigate to **iDRAC Settings > Services**
3. Expand **iDRAC Key Management** and select **SEKM**
4. Enter the KMIP server address and port (default: 5696)
5. Click **Next**
</Step>
<Step title="Generate Certificate Request on iDRAC">
When iDRAC prompts you to generate a certificate request, you'll need to enter subject values. You can find the required values in Infisical by clicking **Generate Certificate** on your KMIP client and selecting the **CSR** request method - the modal will display the exact **Client ID** and **Project ID** to use.

1. Click **Generate CSR** on iDRAC
2. Enter the certificate information:
   - **Common Name (CN)**: Enter the **Client ID** shown in Infisical
   - **Organizational Unit (OU)**: Enter the **Project ID** shown in Infisical
   - Fill in other fields as needed (Organization, Country, etc.)
3. Click **Generate** and download the certificate request file
</Step>
<Step title="Sign the Certificate in Infisical">
1. In the Infisical modal, paste the certificate request content from iDRAC
2. Set the certificate validity period (e.g., "1y" for one year)
3. Click **Sign Certificate**
4. Download the signed certificate and certificate chain
</Step>
<Step title="Upload Certificate to iDRAC">
1. In iDRAC, upload the signed client certificate
2. Upload the certificate chain as the KMS CA certificate
3. Click **Test Network Connection** to verify connectivity
4. Complete the SEKM configuration
</Step>
<Step title="Enable Encryption on Storage Controller">
Once SEKM is configured, you can enable encryption on your storage controller (PERC, HBA, or NVMe) through iDRAC.
</Step>
</Steps>
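
A pre-sign check for the certificate request file downloaded from iDRAC, as an added example that is not part of the Infisical documentation: it confirms the request's self-signature verifies and that CN and OU equal the Client ID and Project ID shown in the Infisical modal. It assumes the `openssl` CLI is installed; the function names, file names and ID values are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate an iDRAC CSR before pasting it into Infisical.
# Assumes the openssl CLI; all IDs and file names below are constructed samples.

# csr_rdn <csr.pem> <short-name>: print the first subject value for CN, OU, ...
csr_rdn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# check_sekm_csr <csr.pem> <client-id> <project-id>
# Returns 0 when the CSR verifies and carries the expected subject,
# 2 on an unreadable or badly signed CSR, 3 on a CN mismatch, 4 on an OU mismatch.
check_sekm_csr() {
    # The self-signature shows the requester holds the matching private key.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "CSR signature does not verify" >&2; return 2; }
    cn=$(csr_rdn "$1" CN)
    ou=$(csr_rdn "$1" OU)
    [ "$cn" = "$2" ] || { echo "CN is '$cn', expected Client ID '$2'" >&2; return 3; }
    [ "$ou" = "$3" ] || { echo "OU is '$ou', expected Project ID '$3'" >&2; return 4; }
    echo "CSR subject matches: CN=$cn OU=$ou"
}

# make_sample_csr <out.pem> <cn> <ou>: constructed stand-in for the iDRAC CSR file
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/C=US/O=Example/OU=$3/CN=$2" 2>/dev/null
}

# Demo: one matching request, then the same request checked against a wrong Project ID.
sekm_csr_demo() {
    dir=$(mktemp -d) || return 1
    make_sample_csr "$dir/idrac.csr" "sample-client-id" "sample-project-id"
    check_sekm_csr "$dir/idrac.csr" "sample-client-id" "sample-project-id"; ok=$?
    check_sekm_csr "$dir/idrac.csr" "sample-client-id" "other-project-id"; bad=$?
    rm -rf "$dir"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 4 ]
}
sekm_csr_demo
```

A non-zero return identifies which subject field to correct on iDRAC before regenerating the request.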

Troubleshooting

  • Certificate validation fails: Make sure you used the correct Client ID and Project ID when generating the certificate request on iDRAC.
  • Connection timeout: Verify network connectivity and that firewall rules allow traffic on port 5696.
  • Authentication errors: Ensure you uploaded both the signed certificate and the certificate chain to iDRAC.