You can manage key management servers from the CommCell Console.
If the CommServe computer cannot access the Key Management Service (KMS) server, then you must configure an access node to communicate with the KMS. Also, you can use an access node if you do not want the Commserve to communicate with the KMS server directly. You can configure any MediaAgent including the web server in your CommCell environment to function as an access node.
If you had set up security restrictions for KMS server that does not allow the computers in another environment to communicate, then CommServe computer cannot access the KMS server. For example, IAM role-based authentication for AWS and Managed Identity authentication for Azure. Then, you must configure a MediaAgent computer in the same environment to function as an access node to communicate with the KMS.
You can add or modify a KMS server with access node from the CommCell Console. You can add more than one access node to the KMS server. When you add multiple access nodes, the CommServe uses an active access node at the top in the list to communicate with KMS server.
The Commvault software manages the life cycle of a key, including its creation and usage. You can opt to use your own key that you create and manage. When you use your own key, the software only uses the key for encryption. You must create one key per storage pool.
You can perform the following tasks to manage a key management server: