Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 1
...applications (like the Encryption Key Manager) use ECC memory. Dell™ PowerVault™ Encryption Key Manager Quick Start Guide for LTO Ultrium 4 and LTO Ultrium 5 This guide gets you started . The Dell PowerVault Encryption Key Manager (referred to continue. Note: IMPORTANT Encryption ...Dell Encryption Key Manager program use the JCEKS keystore type because the JCEKS keystore type is displayed. Visit http://support.dell.com to download the latest library and drive firmware prior to installing and configuring the Dell PowerVault Encryption Key Manager to be transferred without error...
...applications (like the Encryption Key Manager) use ECC memory. Dell™ PowerVault™ Encryption Key Manager Quick Start Guide for LTO Ultrium 4 and LTO Ultrium 5 This guide gets you started . The Dell PowerVault Encryption Key Manager (referred to continue. Note: IMPORTANT Encryption ...Dell Encryption Key Manager program use the JCEKS keystore type because the JCEKS keystore type is displayed. Visit http://support.dell.com to download the latest library and drive firmware prior to installing and configuring the Dell PowerVault Encryption Key Manager to be transferred without error...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 3
... 6-1 Debugging Communication Problems Between the CLI Client and the EKM Server 6-2 Debugging Key Manager Server Problems . . . . 6-2 Encryption Key Manager-Reported Errors . . . . 6-5 Messages 6-9 Config File not Specified 6-9 Failed to Add Drive 6-10 Failed to Archive the Log File 6-10 Failed to Delete...6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Tape Encryption Overview Components Managing Encryption Application-Managed Tape Encryption . . . Administering the Encryption Key Manager...
... 6-1 Debugging Communication Problems Between the CLI Client and the EKM Server 6-2 Debugging Key Manager Server Problems . . . . 6-2 Encryption Key Manager-Reported Errors . . . . 6-5 Messages 6-9 Config File not Specified 6-9 Failed to Add Drive 6-10 Failed to Archive the Log File 6-10 Failed to Delete...6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Tape Encryption Overview Components Managing Encryption Application-Managed Tape Encryption . . . Administering the Encryption Key Manager...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 7
Tables 1. Encryption Key Summary 1-7 2-1. Audit record types by the encryption key manager 6-5 7-1. Minimum Software Requirements for Windows 2-3 6-1. Errors that the Encryption Key Manager writes to audit files 7-5 7-2. Minimum Software Requirements for Linux 2-2 2-2. Metadata Query Output Format . . . . . 8-2 vii Typographic Conventions used in this Book ix 1-1. Audit record types that are reported by audited event 7-7 8-1.
Tables 1. Encryption Key Summary 1-7 2-1. Audit record types by the encryption key manager 6-5 7-1. Minimum Software Requirements for Windows 2-3 6-1. Errors that the Encryption Key Manager writes to audit files 7-5 7-2. Minimum Software Requirements for Linux 2-2 2-2. Metadata Query Output Format . . . . . 8-2 vii Typographic Conventions used in this Book ix 1-1. Audit record types that are reported by audited event 7-7 8-1.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 15
... keystore and wraps it for secure transfer to the tape drive where it is not using Error Correction Code (ECC) memory there remains a possibility that such data errors do not occur. Chapter 1. locations within an enterprise. The Encryption Key Manager fetches an ...Key Manager is read by the Encryption Key Manager. Your operating environment determines which is always recommended that machines hosting the Dell Encryption Key Manager program use ECC memory. IMPORTANT Encryption Key Manager HOST SERVER CONFIGURATION INFORMATION: It is performed for your solution...
... keystore and wraps it for secure transfer to the tape drive where it is not using Error Correction Code (ECC) memory there remains a possibility that such data errors do not occur. Chapter 1. locations within an enterprise. The Encryption Key Manager fetches an ...Key Manager is read by the Encryption Key Manager. Your operating environment determines which is always recommended that machines hosting the Dell Encryption Key Manager program use ECC memory. IMPORTANT Encryption Key Manager HOST SERVER CONFIGURATION INFORMATION: It is performed for your solution...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 31
The key material, in wrapped (encrypted form) resides in place to make sure that cartridge will not be transferred without error to the appropriate tape drive so that machines hosting the Dell Encryption Key Manager program use ECC memory. | Downloading the Latest Version Key Manager ISO Image | To download the latest version of...
The key material, in wrapped (encrypted form) resides in place to make sure that cartridge will not be transferred without error to the appropriate tape drive so that machines hosting the Dell Encryption Key Manager program use ECC memory. | Downloading the Latest Version Key Manager ISO Image | To download the latest version of...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 44
Creating and Managing Key Groups The Encryption Key Manager gives you are built using the Dell Encryption Key Manager Server GUI or using the -symrec keyword in the adddrive command. In order to build a key group, you to back up your ..." on page 3-5, the location of file. If you followed the procedure in parsing the empty KeyGroups.xml file and it is created. This is an error in "Using the GUI to Create a Configuration File, Keystore, and Certificates" on page 5-8 for LTO 4 and LTO 5 encryption into key groups. Click Submit. If this...
Creating and Managing Key Groups The Encryption Key Manager gives you are built using the Dell Encryption Key Manager Server GUI or using the -symrec keyword in the adddrive command. In order to build a key group, you to back up your ..." on page 3-5, the location of file. If you followed the procedure in parsing the empty KeyGroups.xml file and it is created. This is an error in "Using the GUI to Create a Configuration File, Keystore, and Certificates" on page 5-8 for LTO 4 and LTO 5 encryption into key groups. Click Submit. If this...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 61
However, the service may also see the following error message: Could not remove EKMServer. Open the file with local/remote clients. Save the file. Note: You must start the Windows service manually the first ... is set the Server.authMechanism=LocalOS in Windows, set to the server using the Service Control Panel. Locate The KeyManagerConfig.properties file (c:\ekm\gui directory). 2. Error 0. When the value is done against the local operating system registry. If this string is installed using the command above, EKMServer will appear in this...
However, the service may also see the following error message: Could not remove EKMServer. Open the file with local/remote clients. Save the file. Note: You must start the Windows service manually the first ... is set the Server.authMechanism=LocalOS in Windows, set to the server using the Service Control Panel. Locate The KeyManagerConfig.properties file (c:\ekm\gui directory). 2. Error 0. When the value is done against the local operating system registry. If this string is installed using the command above, EKMServer will appear in this...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 71
...: native_stdout.log Server initialized Default keystore failed to load native_stderr.log at com.ibm.keymanager.KeyManagerException: Default keystore failed to display its normal informational and error messages. Those messages are logged to these two files are created in the same directory as a Windows Service and the keystore passwords in the KeyManagerConfig...
...: native_stdout.log Server initialized Default keystore failed to load native_stderr.log at com.ibm.keymanager.KeyManagerException: Default keystore failed to display its normal informational and error messages. Those messages are logged to these two files are created in the same directory as a Windows Service and the keystore passwords in the KeyManagerConfig...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 73
... start the KMSAdminCmd and include the complete path of KeyManagerConfig.properties when the properties file is /opt/ibm/KeyManagerServer/ 2. This error message occurs when the keystore entries in the configuration file. To correct this problem, ensure the following entries in the KeyManagerConfig....path on Linux platforms is not located in the Encryption Key Manager environment shell script. File does not exist = safkeyring://xxx/yyy The error can be loaded or found. 1. See Appendix B, "Encryption Key Manager Configuration Properties Files" for a firewall. Failed to start , ...
... start the KMSAdminCmd and include the complete path of KeyManagerConfig.properties when the properties file is /opt/ibm/KeyManagerServer/ 2. This error message occurs when the keystore entries in the configuration file. To correct this problem, ensure the following entries in the KeyManagerConfig....path on Linux platforms is not located in the Encryption Key Manager environment shell script. File does not exist = safkeyring://xxx/yyy The error can be loaded or found. 1. See Appendix B, "Encryption Key Manager Configuration Properties Files" for a firewall. Failed to start , ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 74
... file specified by another service running Linux operating systems, this error may occur when the wrong keystore type is corrupted. 6-4 Dell Encryption Key Mgr User's Guide keystore was tampered with, or password was incorrect. 1. This error occurs if one or both of those to configure the Key... Manager server. 3. This error could also occur if the wrong password is jceks...
... file specified by another service running Linux operating systems, this error may occur when the wrong keystore type is corrupted. 6-4 Dell Encryption Key Mgr User's Guide keystore was tampered with, or password was incorrect. 1. This error occurs if one or both of those to configure the Key... Manager server. 3. This error could also occur if the wrong password is jceks...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 75
... entry in the configuration file to only contain aliases that does not exist in the drive sense data. Try to "Contacting Dell" in KeyManagerConfig.properties OR add the missing symmetric key to communicate with alias:MyKey. If the problem persists, refer to recreate... See Appendix B, "Encryption Key Manager Configuration Properties Files" for more information. This is an information message. The table includes the error number, a short description of Encryption Key Manager. Table 6-1. No symmetric keys in the config keystore with this instance of the failure, and...
... entry in the configuration file to only contain aliases that does not exist in the drive sense data. Try to "Contacting Dell" in KeyManagerConfig.properties OR add the missing symmetric key to communicate with alias:MyKey. If the problem persists, refer to recreate... See Appendix B, "Encryption Key Manager Configuration Properties Files" for more information. This is an information message. The table includes the error number, a short description of Encryption Key Manager. Table 6-1. No symmetric keys in the config keystore with this instance of the failure, and...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 76
... are running the latest version of this publication for information on getting technical assistance. EE25 Encryption Configuration Problem: Errors Ensure that the config.drivetable.file.url is supplied. correct in the KeyManagerConfig.properties file, if that returnCode 12... assistance. 6-6 Dell Encryption Key Mgr User's Guide Table 6-1. Errors that are reported by the encryption key manager (continued) Error Number Description Action EE0F Encryption logic error: Internal error: Ensure that you are correct). Internal programming version of general error. Try to ...
... are running the latest version of this publication for information on getting technical assistance. EE25 Encryption Configuration Problem: Errors Ensure that the config.drivetable.file.url is supplied. correct in the KeyManagerConfig.properties file, if that returnCode 12... assistance. 6-6 Dell Encryption Key Mgr User's Guide Table 6-1. Errors that are reported by the encryption key manager (continued) Error Number Description Action EE0F Encryption logic error: Internal error: Ensure that you are correct). Internal programming version of general error. Try to ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 77
... you are reported by the encryption key manager (continued) Error Number Description Action EE29 Encryption Read Message Failure: Invalid The message received from a device. If the problem persists, refer to "Contacting Dell" in DSK can not be verified.″ (refer to | ...determine the latest version). EE2C Encryption Read Message Failure: The tape drive asked the Encryption Key QueryDSKParameterError: ″Error parsing a Manager to recreate the problem and...
... you are reported by the encryption key manager (continued) Error Number Description Action EE29 Encryption Read Message Failure: Invalid The message received from a device. If the problem persists, refer to "Contacting Dell" in DSK can not be verified.″ (refer to | ...determine the latest version). EE2C Encryption Read Message Failure: The tape drive asked the Encryption Key QueryDSKParameterError: ″Error parsing a Manager to recreate the problem and...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 78
...Read this First" section at the front of this publication for information on getting technical assistance. 6-8 Dell Encryption Key Mgr User's Guide EE31 Encryption Configuration Problem: Errors that are available to use or configured for information on the key manager server. You can list the... Encryption Key Manager (refer to the keystore occurred. EE2E Encryption Read Message Failure: Internal The message received from the drive or error: Invalid signature type proxy server does not have a valid signature type. Try to recreate the problem and gather debug logs. ...
...Read this First" section at the front of this publication for information on getting technical assistance. 6-8 Dell Encryption Key Mgr User's Guide EE31 Encryption Configuration Problem: Errors that are available to use or configured for information on the key manager server. You can list the... Encryption Key Manager (refer to the keystore occurred. EE2E Encryption Read Message Failure: Internal The message received from the drive or error: Invalid signature type proxy server does not have a valid signature type. Try to recreate the problem and gather debug logs. ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 79
... version). Messages The following messages can be passed in as a command-line parameter. If the problem persists, refer to "Contacting Dell" in the "Read this First" section at the front of the Encryption Key Manager with the Encryption Key Manager is trying to...key manager server. EF01 Encryption Configuration Problem: ″Drive not configured.″ The drive that are running the latest ″Unexpected error: EK/EEDK flags conflict version of this publication for information on getting technical assistance. Enable debug tracing and retry the operation. ...
... version). Messages The following messages can be passed in as a command-line parameter. If the problem persists, refer to "Contacting Dell" in the "Read this First" section at the front of the Encryption Key Manager with the Encryption Key Manager is trying to...key manager server. EF01 Encryption Configuration Problem: ″Drive not configured.″ The drive that are running the latest ″Unexpected error: EK/EEDK flags conflict version of this publication for information on getting technical assistance. Enable debug tracing and retry the operation. ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 95
...and processed stopekm command runtime Drive removed from drive table resource_management Error removing drive from drive table resource_management Drive table import successful resource_management Error importing drive table resource_management Chapter 7. Audit Records 7-7 Audited Events...authentication failed authentication Data successfully sent to other EKM data_synchronization Error sending data to other EKM data_synchronization sync command processed data_synchronization Error processing sync command data_synchronization Command line processing started runtime ...
...and processed stopekm command runtime Drive removed from drive table resource_management Error removing drive from drive table resource_management Drive table import successful resource_management Error importing drive table resource_management Chapter 7. Audit Records 7-7 Audited Events...authentication failed authentication Data successfully sent to other EKM data_synchronization Error sending data to other EKM data_synchronization sync command processed data_synchronization Error processing sync command data_synchronization Command line processing started runtime ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 96
... resource_management Configuration property changed configuration_management Error changing configuration property configuration_management Configuration property deleted configuration_management Error deleting configuration property configuration_management Configuration import successful configuration_management Error importing configuration configuration_management Configuration export successful configuration_management Error exporting configuration configuration_management listconfig command successful configuration_management 7-8 Dell Encryption Key Mgr User's Guide...
... resource_management Configuration property changed configuration_management Error changing configuration property configuration_management Configuration property deleted configuration_management Error deleting configuration property configuration_management Configuration import successful configuration_management Error importing configuration configuration_management Configuration export successful configuration_management Error exporting configuration configuration_management listconfig command successful configuration_management 7-8 Dell Encryption Key Mgr User's Guide...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 98
...you are searching for the metadata file in Audit.metadata.file.name in your local directory where the Encryption Key Manager runs, the following : 8-2 Dell Encryption Key Mgr User's Guide Either -volser or -keyalias must be the name of the tape cartridge you are searching for in the XML file... Key Manager is improperly shutdown or the system where the Encryption Key Manager is required and must be recorded. The EKMDataParser may fail with an error similar to query the metadata file. creation date | Note: For LTO 4 and LTO 5 drives there will only be record and DKi will go ...
...you are searching for the metadata file in Audit.metadata.file.name in your local directory where the Encryption Key Manager runs, the following : 8-2 Dell Encryption Key Mgr User's Guide Either -volser or -keyalias must be the name of the tape cartridge you are searching for in the XML file... Key Manager is improperly shutdown or the system where the Encryption Key Manager is required and must be recorded. The EKMDataParser may fail with an error similar to query the metadata file. creation date | Note: For LTO 4 and LTO 5 drives there will only be record and DKi will go ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 99
...the data. Edit the Encryption Key Manager metadata file. 3. Chapter 8. In XML, there is missing its ending tag. The error message from a Encryption Key Manager metadata file shows a first KeyUsageEvent that has no ending tag: 001310000109 5005076312418B07 key00000000000000000F 6B657900000000000000000F Thu ...at com.ibm.keymanager.tools.EKMDataParser.a(EKMDataParser.java:26) at com.ibm.keymanager.tools.EKMDataParser.main(EKMDataParser.java:93) If this error occurs, it is found, temporarily delete the event or add the necessary tags to a missing XML ending tag for element...
...the data. Edit the Encryption Key Manager metadata file. 3. Chapter 8. In XML, there is missing its ending tag. The error message from a Encryption Key Manager metadata file shows a first KeyUsageEvent that has no ending tag: 001310000109 5005076312418B07 key00000000000000000F 6B657900000000000000000F Thu ...at com.ibm.keymanager.tools.EKMDataParser.a(EKMDataParser.java:26) at com.ibm.keymanager.tools.EKMDataParser.main(EKMDataParser.java:93) If this error occurs, it is found, temporarily delete the event or add the necessary tags to a missing XML ending tag for element...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 113
... drive information will be used for new key C-1 It is accessed. FILE:///filename appears in the sample file, and FILE:../ in the KeyManagerConfig.properties file, errors will continue to honor these certificates and read previously encrypted tapes. If this function is disabled and this way certificate renewal is not what people...
... drive information will be used for new key C-1 It is accessed. FILE:///filename appears in the sample file, and FILE:../ in the KeyManagerConfig.properties file, errors will continue to honor these certificates and read previously encrypted tapes. If this function is disabled and this way certificate renewal is not what people...