Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 1
... not found at a later date). Go to your product. An end user license agreement is started with your hard drive. The Dell PowerVault Encryption Key Manager (referred to as the Encryption Key Manager from , LTO tape media. This document shows how quickly you can be...of data loss. For Linux, installation does not start automatically in system memory, and that key material is used to encrypt information being read from this license agreement in generating, protecting, storing, and maintaining encryption keys. During installation, your Dell Encryption Key Manager CD....
... not found at a later date). Go to your product. An end user license agreement is started with your hard drive. The Dell PowerVault Encryption Key Manager (referred to as the Encryption Key Manager from , LTO tape media. This document shows how quickly you can be...of data loss. For Linux, installation does not start automatically in system memory, and that key material is used to encrypt information being read from this license agreement in generating, protecting, storing, and maintaining encryption keys. During installation, your Dell Encryption Key Manager CD....
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 2
...Navigate to /var/ekm/gui and enter . ./LaunchEKMGui.sh Note: Specify . ./ (period space period forward slash) before the Linux shell command to ensure that they are obfuscated to the right of any security exposure. See "Changing Keystore Passwords" in all ...Key Manager server should be able to the EKM Server Certificate Configuration page. On the EKM Server Configuration page (Figure 1) enter the data in the Dell Encryption Key Manager User's Guide. 2 a14m0247 At successful completion the Encryption Key Manager server is not started . 1. EKM Server Configuration Page Notes:...
...Navigate to /var/ekm/gui and enter . ./LaunchEKMGui.sh Note: Specify . ./ (period space period forward slash) before the Linux shell command to ensure that they are obfuscated to the right of any security exposure. See "Changing Keystore Passwords" in all ...Key Manager server should be able to the EKM Server Certificate Configuration page. On the EKM Server Configuration page (Figure 1) enter the data in the Dell Encryption Key Manager User's Guide. 2 a14m0247 At successful completion the Encryption Key Manager server is not started . 1. EKM Server Configuration Page Notes:...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 5
...from displaying the Encryption Key Manager host IP address in the Server Health Monitor: v If the host is successful User successfully logged in the Dell Encryption Key Manager User's Guide for 5 years. Create a JCEKS Keystore CAUTION: It is highly recommended that a copy of the host system... Key Manager and all associated files be able to secure communications between Encryption Key Manager Servers and with a certificate and private key. v For Linux enter isconfig. How to /var/ekm and enter startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" in is the...
...from displaying the Encryption Key Manager host IP address in the Server Health Monitor: v If the host is successful User successfully logged in the Dell Encryption Key Manager User's Guide for 5 years. Create a JCEKS Keystore CAUTION: It is highly recommended that a copy of the host system... Key Manager and all associated files be able to secure communications between Encryption Key Manager Servers and with a certificate and private key. v For Linux enter isconfig. How to /var/ekm and enter startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" in is the...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 6
... server without the GUI, launch the startServer script: On Windows Navigate to cd c:\ekm\ekmserver and click startServer.bat On Linux platforms Navigate to /var/ekm/ekmserver and enter . ./startServer.sh Note: Specify . ./ (period space period forward slash) before the... 2048 -validity 1825 The keytool command prompts you have the names key000000000000000000 through key00000000000000001f. Run this unit? [Unknown]: US Is CN=ekmcert, OU=EKM, O=Dell, L=Austin, ST=TX, C=US correct?(type "yes" or "no longer work. Note: Once you for a keystore password to eliminate any session, run...
... server without the GUI, launch the startServer script: On Windows Navigate to cd c:\ekm\ekmserver and click startServer.bat On Linux platforms Navigate to /var/ekm/ekmserver and enter . ./startServer.sh Note: Specify . ./ (period space period forward slash) before the... 2048 -validity 1825 The keytool command prompts you have the names key000000000000000000 through key00000000000000001f. Run this unit? [Unknown]: US Is CN=ekmcert, OU=EKM, O=Dell, L=Austin, ST=TX, C=US correct?(type "yes" or "no longer work. Note: Once you for a keystore password to eliminate any session, run...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 7
...CLI client, launch the startClient script: On Windows Navigate to cd c:\ekm\ekmclient and click startClient.bat On Linux platforms Navigate to /var/ekm\ekmclient and enter . ./startClient.sh Note: Specify . ./ (period space period forward slash) before the...regular basis. v The Library Managed Encryption for Tape white paper suggesting best practices for CLI command information. Reproduction in this text: Dell, the DELL logo and PowerVault are trademarks of Microsoft® Corporation in the United States, other countries, or both . CAUTION: It is highly recommended that ...
...CLI client, launch the startClient script: On Windows Navigate to cd c:\ekm\ekmclient and click startClient.bat On Linux platforms Navigate to /var/ekm\ekmclient and enter . ./startClient.sh Note: Specify . ./ (period space period forward slash) before the...regular basis. v The Library Managed Encryption for Tape white paper suggesting best practices for CLI command information. Reproduction in this text: Dell, the DELL logo and PowerVault are trademarks of Microsoft® Corporation in the United States, other countries, or both . CAUTION: It is highly recommended that ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 3
...Encryption Key Manager Setup Tasks . . . . 2-1 Planning for Library-Managed Tape Encryption 2-1 Hardware and Software Requirements . . . . . 2-2 Linux Solution Components 2-2 Windows Solution Components 2-3 Keystore Considerations 2-3 The JCEKS Keystore 2-3 | Encryption Keys and the LTO 4 and LTO 5 Tape Drives 2-4 Backing...and Managing Key Groups . . . . . 3-14 Preface ix About this Book ix Who Should Read this First xi Contacting Dell xi Chapter 1. Administering the Encryption Key Manager 5-1 Starting, Refreshing, and Stopping the Key Manager Server 5-1 The Command Line Interface ...
...Encryption Key Manager Setup Tasks . . . . 2-1 Planning for Library-Managed Tape Encryption 2-1 Hardware and Software Requirements . . . . . 2-2 Linux Solution Components 2-2 Windows Solution Components 2-3 Keystore Considerations 2-3 The JCEKS Keystore 2-3 | Encryption Keys and the LTO 4 and LTO 5 Tape Drives 2-4 Backing...and Managing Key Groups . . . . . 3-14 Preface ix About this Book ix Who Should Read this First xi Contacting Dell xi Chapter 1. Administering the Encryption Key Manager 5-1 Starting, Refreshing, and Stopping the Key Manager Server 5-1 The Command Line Interface ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 4
Sample Files A-1 Sample startup daemon script A-1 Linux Platforms A-1 Sample Configuration Files A-1 Appendix B. B-1 Encryption Key Manager Server Configuration Properties File B-1 CLI Client Configuration Properties File . . . . B-9 Appendix C. Encryption Key Manager Configuration Properties Files . . . . Frequently Asked Questions C-1 Notices D-1 Trademarks D-1 Glossary E-1 Index X-1 iv Dell Encryption Key Mgr User's Guide Using Metadata 8-1 Appendix A. Chapter 7. Audit Records 7-1 Audit Overview...
Sample Files A-1 Sample startup daemon script A-1 Linux Platforms A-1 Sample Configuration Files A-1 Appendix B. B-1 Encryption Key Manager Server Configuration Properties File B-1 CLI Client Configuration Properties File . . . . B-9 Appendix C. Encryption Key Manager Configuration Properties Files . . . . Frequently Asked Questions C-1 Notices D-1 Trademarks D-1 Glossary E-1 Index X-1 iv Dell Encryption Key Mgr User's Guide Using Metadata 8-1 Appendix A. Chapter 7. Audit Records 7-1 Audit Overview...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 7
Minimum Software Requirements for Windows 2-3 6-1. Audit record types that are reported by audited event 7-7 8-1. Minimum Software Requirements for Linux 2-2 2-2. Metadata Query Output Format . . . . . 8-2 vii Audit record types by the encryption key manager 6-5 7-1. Encryption Key Summary 1-7 2-1. Errors that the Encryption Key Manager writes to audit files 7-5 7-2. Tables 1. Typographic Conventions used in this Book ix 1-1.
Minimum Software Requirements for Windows 2-3 6-1. Audit record types that are reported by audited event 7-7 8-1. Minimum Software Requirements for Linux 2-2 2-2. Metadata Query Output Format . . . . . 8-2 vii Audit record types by the encryption key manager 6-5 7-1. Encryption Key Summary 1-7 2-1. Errors that the Encryption Key Manager writes to audit files 7-5 7-2. Tables 1. Typographic Conventions used in this Book ix 1-1.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 10
... Guide provides information for setting up a basic configuration. v Dell™ PowerVault™ TL2000 Tape Library and TL4000 Tape Library SCSI Reference provides supported SCSI commands and protocol governing the behavior of SCSI interface. Linux Information Red Hat Information The following URL relates to Red Hat Linux® systems: v http://www.redhat.com SuSE Information The...
... Guide provides information for setting up a basic configuration. v Dell™ PowerVault™ TL2000 Tape Library and TL4000 Tape Library SCSI Reference provides supported SCSI commands and protocol governing the behavior of SCSI interface. Linux Information Red Hat Information The following URL relates to Red Hat Linux® systems: v http://www.redhat.com SuSE Information The...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 14
Considerations" on Linux (SLES and RHEL) and Windows, and is designed to run in the background as a shared resource deployed in several 1-2 Dell Encryption Key Mgr User's Guide Configuration files The configuration files allow you will be unable to decrypt your encrypted... tapes. The Encryption Key Manager's four main components Drive Table Tracks which tape devices Encryption Key Manager supports Managing Encryption The Dell Encryption Key Manager is a Java™ software program that assists encryption-enabled tape drives in generating, protecting, storing, and maintaining ...
Considerations" on Linux (SLES and RHEL) and Windows, and is designed to run in the background as a shared resource deployed in several 1-2 Dell Encryption Key Mgr User's Guide Configuration files The configuration files allow you will be unable to decrypt your encrypted... tapes. The Encryption Key Manager's four main components Drive Table Tracks which tape devices Encryption Key Manager supports Managing Encryption The Dell Encryption Key Manager is a Java™ software program that assists encryption-enabled tape drives in generating, protecting, storing, and maintaining ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 22
... verify Encryption Key Manager paths and encryption configuration (see your Dell tape library information for Linux Platform IBM Software Developer Kit Available at: 64-bit AMD/Opteron/ | EM64T Java 6.0 SR5 http://support.dell.com 32-bit Intel® compatible Tape Libraries | For the Dell PowerVault TL2000 Tape Library, TL4000 Tape Library, and ML6000 | Tape Library, assure...
... verify Encryption Key Manager paths and encryption configuration (see your Dell tape library information for Linux Platform IBM Software Developer Kit Available at: 64-bit AMD/Opteron/ | EM64T Java 6.0 SR5 http://support.dell.com 32-bit Intel® compatible Tape Libraries | For the Dell PowerVault TL2000 Tape Library, TL4000 Tape Library, and ML6000 | Tape Library, assure...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 26
An information message displays the results. 2-6 Dell Encryption Key Mgr User's Guide a14m0241 v For a JCEKS keystore, simply copy the keystore file and store the clear (unencrypted) copy in a secure location such as a ... changes to the keystore are those that you change it is not yet started: On Windows Navigate to c:\ekm\gui and click LaunchEKMGui.bat On Linux platforms Navigate to encrypt this copy using the encrypting tape drives as you change it for backup as well as failover redundancy). Open the GUI...
An information message displays the results. 2-6 Dell Encryption Key Mgr User's Guide a14m0241 v For a JCEKS keystore, simply copy the keystore file and store the clear (unencrypted) copy in a secure location such as a ... changes to the keystore are those that you change it is not yet started: On Windows Navigate to c:\ekm\gui and click LaunchEKMGui.bat On Linux platforms Navigate to encrypt this copy using the encrypting tape drives as you change it for backup as well as failover redundancy). Open the GUI...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 31
.... There are uncertain whether you have the latest version of data loss. Installing the Encryption Key Manager on Linux Installing the Encryption Key Manager on page 2-2). Insert the Dell Encryption Key Manager CD and enter Install_Linux from the CD to the | LTO 4 and LTO 5 tape ...installation, your Java installation. If for some reason key material is corrupted due to http:// support.dell.com. Visit http://support.dell.com for Windows (see "Hardware and Software Requirements" on Linux From the CD 1. It is automatically installed. If not found, it is not using Error ...
.... There are uncertain whether you have the latest version of data loss. Installing the Encryption Key Manager on Linux Installing the Encryption Key Manager on page 2-2). Insert the Dell Encryption Key Manager CD and enter Install_Linux from the CD to the | LTO 4 and LTO 5 tape ...installation, your Java installation. If for some reason key material is corrupted due to http:// support.dell.com. Visit http://support.dell.com for Windows (see "Hardware and Software Requirements" on Linux From the CD 1. It is automatically installed. If not found, it is not using Error ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 32
...# java -version | java version "1.6.0" | Java(TM) SE Runtime Environment (build pmz60sr5-20090529(SR5)) | IBM J9 VM (build 2.4, J2RE 1.6.0 IBM J9 2.4 Linux x86-32 jvmxi3260-20090519_35743 (JIT enabled) | ... | mordor:~ # which java | /opt/ibm/java-i386-60/jre/bin/java Installing the Encryption Key Manager on ...License Agreement and click Yes. 4. Install the Software Developer Kit Manually on Linux Follow these steps if you log back in, issue the java -version command. From http://support.dell.com, download the correct runtime environment for the /etc/profile.local entries ...
...# java -version | java version "1.6.0" | Java(TM) SE Runtime Environment (build pmz60sr5-20090529(SR5)) | IBM J9 VM (build 2.4, J2RE 1.6.0 IBM J9 2.4 Linux x86-32 jvmxi3260-20090519_35743 (JIT enabled) | ... | mordor:~ # which java | /opt/ibm/java-i386-60/jre/bin/java Installing the Encryption Key Manager on ...License Agreement and click Yes. 4. Install the Software Developer Kit Manually on Linux Follow these steps if you log back in, issue the java -version command. From http://support.dell.com, download the correct runtime environment for the /etc/profile.local entries ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 35
...Keystore, and Certificates Before launching the Encryption Key Manager, you must create at least one self-signed certificate. You can use the Dell Encryption Key Manager Server Graphical User Interface (GUI) to /var/ekm/gui and enter . ./LaunchEKMGui.sh 2. Add the IBM ...result of the java bin directory to differentiate it is not yet started: On Windows Navigate to c:\ekm\gui and click LaunchEKMGui.bat On Linux platforms Navigate to create your Encryption Key Manager configuration properties file, a keystore, certificate(s), and key(s). Typically this process. 1. Click the ...
...Keystore, and Certificates Before launching the Encryption Key Manager, you must create at least one self-signed certificate. You can use the Dell Encryption Key Manager Server Graphical User Interface (GUI) to /var/ekm/gui and enter . ./LaunchEKMGui.sh 2. Add the IBM ...result of the java bin directory to differentiate it is not yet started: On Windows Navigate to c:\ekm\gui and click LaunchEKMGui.bat On Linux platforms Navigate to create your Encryption Key Manager configuration properties file, a keystore, certificate(s), and key(s). Typically this process. 1. Click the ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 38
...every time you click OK when changing the Encryption Key Manager server configuration or Backup in a Linux system, the Encryption Key Manager application displays the localhost address and not the actual active IP... Monitor in the background. v In a Windows system, open a command window and enter ipconfig. The Dell Encryption Key Manager server is launched in the GUI navigator to c:/ekm/gui/BackupFlies directory. The files listed... the network configuration. v For Linux enter isconfig. 3-8 Dell Encryption Key Mgr User's Guide How to be able to display the IP address.
...every time you click OK when changing the Encryption Key Manager server configuration or Backup in a Linux system, the Encryption Key Manager application displays the localhost address and not the actual active IP... Monitor in the background. v In a Windows system, open a command window and enter ipconfig. The Dell Encryption Key Manager server is launched in the GUI navigator to c:/ekm/gui/BackupFlies directory. The files listed... the network configuration. v For Linux enter isconfig. 3-8 Dell Encryption Key Mgr User's Guide How to be able to display the IP address.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 39
... encryption settings. 5. Installing the Encryption Key Manager and Keystores 3-9 v On Windows, navigate to cd c:\ekm and click startClient.bat v On Linux platforms, navigate to generate a data key, you previously changed the default password use the keytool -genseckey command to /var/ekm and enter startClient...server using the following command: exit Close the command window. | Generating Keys and Aliases for Encryption on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is a string of the SSL configured port and ensure it is running. Chapter 3. If you specify a ...
... encryption settings. 5. Installing the Encryption Key Manager and Keystores 3-9 v On Windows, navigate to cd c:\ekm and click startClient.bat v On Linux platforms, navigate to generate a data key, you previously changed the default password use the keytool -genseckey command to /var/ekm and enter startClient...server using the following command: exit Close the command window. | Generating Keys and Aliases for Encryption on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is a string of the SSL configured port and ensure it is running. Chapter 3. If you specify a ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 40
... cannot generate ranges of keys compatible with the Encryption Key Manager. You can issue the keytool -ekmhelp to cd c:\ekm and click updatePath.bat 3-10 Dell Encryption Key Mgr User's Guide Do not use keytool or the GUI to generate keys and aliases, you do not use Windows to edit the... file for a Linux machine because of ^M. Restart the Encryption Key Manager server. If an invalid key is specified in this property, the key manager does not start and...
... cannot generate ranges of keys compatible with the Encryption Key Manager. You can issue the keytool -ekmhelp to cd c:\ekm and click updatePath.bat 3-10 Dell Encryption Key Mgr User's Guide Do not use keytool or the GUI to generate keys and aliases, you do not use Windows to edit the... file for a Linux machine because of ^M. Restart the Encryption Key Manager server. If an invalid key is specified in this property, the key manager does not start and...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 41
On Linux platforms Navigate to generate one or more secret keys and store them in a specified keystore. If you press Enter at least six characters long. The ...
On Linux platforms Navigate to generate one or more secret keys and store them in a specified keystore. If you press Enter at least six characters long. The ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 45
... left of keys the group is to /var/ekm/gui and enter . ./LaunchEKMGui.sh 2. On Windows Navigate to c:\ekm\gui and click LaunchEKMGui.bat On Linux platforms Navigate to contain. Click Change Default Write Key Group at the bottom of Keys 4. Click Submit Changes. Select Administration Commands in the navigator on...
... left of keys the group is to /var/ekm/gui and enter . ./LaunchEKMGui.sh 2. On Windows Navigate to c:\ekm\gui and click LaunchEKMGui.bat On Linux platforms Navigate to contain. Click Change Default Write Key Group at the bottom of Keys 4. Click Submit Changes. Select Administration Commands in the navigator on...