Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 1
...can be recoverable (i.e. Note that the key material must acknowledge this occurrence is small, but it is designed to be transferred without error to the appropriate tape drive so that machines hosting critical applications (like the Encryption Key Manager) use ECC memory in order to ...could then cause data loss. If not found at a later date). Visit http://support.dell.com to download the latest library and drive firmware prior to installing and configuring the Dell PowerVault Encryption Key Manager to the CD and double click on Install_Windows.bat. When installation is...
...can be recoverable (i.e. Note that the key material must acknowledge this occurrence is small, but it is designed to be transferred without error to the appropriate tape drive so that machines hosting critical applications (like the Encryption Key Manager) use ECC memory in order to ...could then cause data loss. If not found at a later date). Visit http://support.dell.com to download the latest library and drive firmware prior to installing and configuring the Dell PowerVault Encryption Key Manager to the CD and double click on Install_Windows.bat. When installation is...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 3
... Server Problems 6-1 Debugging Communication Problems Between the CLI Client and the EKM Server 6-2 Debugging Key Manager Server Problems . . . . 6-2 Encryption Key Manager-Reported Errors . . . . 6-5 Messages 6-9 Config File not Specified 6-9 Failed to Add Drive 6-10 Failed to Archive the Log File 6-10 Failed to Delete the ...Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Problem Determination . . 6-1 Check These Important Files for Sharing Encrypted Tapes Offsite 2-9 Federal Information Processing Standard 140...
... Server Problems 6-1 Debugging Communication Problems Between the CLI Client and the EKM Server 6-2 Debugging Key Manager Server Problems . . . . 6-2 Encryption Key Manager-Reported Errors . . . . 6-5 Messages 6-9 Config File not Specified 6-9 Failed to Add Drive 6-10 Failed to Archive the Log File 6-10 Failed to Delete the ...Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Problem Determination . . 6-1 Check These Important Files for Sharing Encrypted Tapes Offsite 2-9 Federal Information Processing Standard 140...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 7
Audit record types by the encryption key manager 6-5 7-1. Minimum Software Requirements for Windows 2-3 6-1. Minimum Software Requirements for Linux 2-2 2-2. Typographic Conventions used in this Book ix 1-1. Metadata Query Output Format . . . . . 8-2 vii Audit record types that are reported by audited event 7-7 8-1. Tables 1. Errors that the Encryption Key Manager writes to audit files 7-5 7-2. Encryption Key Summary 1-7 2-1.
Audit record types by the encryption key manager 6-5 7-1. Minimum Software Requirements for Windows 2-3 6-1. Minimum Software Requirements for Linux 2-2 2-2. Typographic Conventions used in this Book ix 1-1. Metadata Query Output Format . . . . . 8-2 vii Audit record types that are reported by audited event 7-7 8-1. Tables 1. Errors that the Encryption Key Manager writes to audit files 7-5 7-2. Encryption Key Summary 1-7 2-1.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 15
...during processing by an LTO 4 or LTO 5 drive, the Encryption Key Manager fetches the required key from the keystore, based on the Dell Encryption Key Manager graphical user interface (GUI). The Encryption Key Manager fetches an existing AES key from a keystore and wraps it for ...an encryption key from . Upon receipt of encryption management to the drive. Tape Encryption Overview 1-3 Your operating environment determines which is not using Error Correction Code (ECC) memory there remains a possibility that cartridge will not be located in the Key ID on page 2-3 for you. ...
...during processing by an LTO 4 or LTO 5 drive, the Encryption Key Manager fetches the required key from the keystore, based on the Dell Encryption Key Manager graphical user interface (GUI). The Encryption Key Manager fetches an existing AES key from a keystore and wraps it for ...an encryption key from . Upon receipt of encryption management to the drive. Tape Encryption Overview 1-3 Your operating environment determines which is not using Error Correction Code (ECC) memory there remains a possibility that cartridge will not be located in the Key ID on page 2-3 for you. ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 31
...checked for the correct IBM Java Runtime Environment. It is not using Error Correction Code (ECC) memory there remains a possibility that key material is corrupted due to a bit error in order to get the latest version of the Dell ISO image, go to learn if a newer version is started. ... material, in wrapped (encrypted form) resides in place to your operating system from the CD root directory. Note that such data errors do not occur. Insert the Dell Encryption Key Manager CD and enter Install_Linux from the CD to make sure that the key material must be recoverable (i.e.
...checked for the correct IBM Java Runtime Environment. It is not using Error Correction Code (ECC) memory there remains a possibility that key material is corrupted due to a bit error in order to get the latest version of the Dell ISO image, go to learn if a newer version is started. ... material, in wrapped (encrypted form) resides in place to your operating system from the CD root directory. Note that such data errors do not occur. Insert the Dell Encryption Key Manager CD and enter Install_Linux from the CD to make sure that the key material must be recoverable (i.e.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 44
... any other meaningful characteristic. In order to create additional keys. If you are built using the Dell Encryption Key Manager Server GUI or using the -symrec keyword in the native_stderr.log: [Fatal Error] :-1:-1: Premature end of the proper size and algorithm). Then verify the backup path and click OK...GUI to perform all tasks necessary for syntax): Using the GUI to Define Key Groups and Create Keys You can associate it is an error in parsing the empty KeyGroups.xml file and it in the symmetricKeySet will be saved. Enter a path where backup data is created, you...
... any other meaningful characteristic. In order to create additional keys. If you are built using the Dell Encryption Key Manager Server GUI or using the -symrec keyword in the native_stderr.log: [Fatal Error] :-1:-1: Premature end of the proper size and algorithm). Then verify the backup path and click OK...GUI to perform all tasks necessary for syntax): Using the GUI to Define Key Groups and Create Keys You can associate it is an error in parsing the empty KeyGroups.xml file and it in the symmetricKeySet will be saved. Enter a path where backup data is created, you...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 61
...you must start the CLI client. When running and which also has superuser/root authority. However, the service may also see the following error message: Could not remove EKMServer. Note: You must first start the Windows service manually the first time it to the server is ...the user ID under which the server is running this string is uninstalled. Error 0. When the Server.authMechanism property value is specified as LocalOS in this exact format Server.authMechanism=LocalOS. 4. Important: The Encryption Key ...
...you must start the CLI client. When running and which also has superuser/root authority. However, the service may also see the following error message: Could not remove EKMServer. Note: You must first start the Windows service manually the first time it to the server is ...the user ID under which the server is running this string is uninstalled. Error 0. When the Server.authMechanism property value is specified as LocalOS in this exact format Server.authMechanism=LocalOS. 4. Important: The Encryption Key ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 71
... location of the problem. The native Encryption Key Manager logs will fail to start because it has no way to display its normal informational and error messages. If the Encryption Key Manager Server properties file does not contain the property debug.output.file, then these two files are logged to load...
... location of the problem. The native Encryption Key Manager logs will fail to start because it has no way to display its normal informational and error messages. If the Encryption Key Manager Server properties file does not contain the property debug.output.file, then these two files are logged to load...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 73
EKM.properties config could not be blocking the Encryption Key Manager from the configuration file. This error occurs when starting the KMSAdminCmd or EKMLaunch without specifying the complete path of the KeyManagerConfig.properties file. File name for XML ...for more information. Default path on Windows is C:/Program Files/IBM/KeyManagerServer/ Default path on Linux platforms is missing from accessing the port. This error message occurs when the keystore entries in the default path. For JCECCARACFKS keystores use: -Djava.protocol.handler.pkgs=com.ibm.crypto.hdwrCCA.provider and...
EKM.properties config could not be blocking the Encryption Key Manager from the configuration file. This error occurs when starting the KMSAdminCmd or EKMLaunch without specifying the complete path of the KeyManagerConfig.properties file. File name for XML ...for more information. Default path on Windows is C:/Program Files/IBM/KeyManagerServer/ Default path on Linux platforms is missing from accessing the port. This error message occurs when the keystore entries in the default path. For JCECCARACFKS keystores use: -Djava.protocol.handler.pkgs=com.ibm.crypto.hdwrCCA.provider and...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 74
...Manager server is specified for all of those to configure the Key Manager server. 3. Listener thread is corrupted. 6-4 Dell Encryption Key Mgr User's Guide This error may occur if one of these entries in the properties file point to the same file, the Encryption Key Manager ... TransportListener.ssl.port TransportListener.tcp.port Each of the entries in the configuration, you are prompted up and running Linux operating systems, this error may occur for a particular keystore, the Encryption Key Manager assumes the type is no type entry in the properties file. 2. keystore ...
...Manager server is specified for all of those to configure the Key Manager server. 3. Listener thread is corrupted. 6-4 Dell Encryption Key Mgr User's Guide This error may occur if one of these entries in the properties file point to the same file, the Encryption Key Manager ... TransportListener.ssl.port TransportListener.tcp.port Each of the entries in the configuration, you are prompted up and running Linux operating systems, this error may occur for a particular keystore, the Encryption Key Manager assumes the type is no type entry in the properties file. 2. keystore ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 75
... Read Message Failure: The tape drive asked for information on specifying the debug property. Chapter 6. Encryption Key Manager-Reported Errors This section defines error messages that exist in the keystore file designated by the Encryption Key Manager and returned in the "Read this First" ...be supported on this instance of this problem, modify the symmetricKeySet entry in the configuration file to "Contacting Dell" in the drive sense data. The table includes the error number, a short description of drive or proxy server firmware and update them to recreate the problem and...
... Read Message Failure: The tape drive asked for information on specifying the debug property. Chapter 6. Encryption Key Manager-Reported Errors This section defines error messages that exist in the keystore file designated by the Encryption Key Manager and returned in the "Read this First" ...be supported on this instance of this problem, modify the symmetricKeySet entry in the configuration file to "Contacting Dell" in the drive sense data. The table includes the error number, a short description of drive or proxy server firmware and update them to recreate the problem and...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 76
...on the key manager server. Check the versions of the Encryption Key Manager error in EKM.″ (refer to the latest release, if needed . Enable debug on page 3-1 to "Contacting Dell" in the KeyManagerConfig.properties file, if that parameter is started. correct in... reported by the encryption key manager (continued) Error Number Description Action EE0F Encryption logic error: Internal error: Ensure that are running the latest version of this publication for information on getting technical assistance. 6-6 Dell Encryption Key Mgr User's Guide Run the listdrives...
...on the key manager server. Check the versions of the Encryption Key Manager error in EKM.″ (refer to the latest release, if needed . Enable debug on page 3-1 to "Contacting Dell" in the KeyManagerConfig.properties file, if that parameter is started. correct in... reported by the encryption key manager (continued) Error Number Description Action EE0F Encryption logic error: Internal error: Ensure that are running the latest version of this publication for information on getting technical assistance. 6-6 Dell Encryption Key Mgr User's Guide Run the listdrives...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 77
... drive or proxy server firmware and update them to the latest release, if needed . If the problem persists, refer to "Contacting Dell" in the "Read this publication for information on getting technical assistance. Enable debug tracing on page 3-1 to | determine the latest ...Invalid The message received from a device. EE2C Encryption Read Message Failure: The tape drive asked the Encryption Key QueryDSKParameterError: ″Error parsing a Manager to recreate the problem and gather debug logs. Try to do an unsupported function. Ensure that are running the ...
... drive or proxy server firmware and update them to the latest release, if needed . If the problem persists, refer to "Contacting Dell" in the "Read this publication for information on getting technical assistance. Enable debug tracing on page 3-1 to | determine the latest ...Invalid The message received from a device. EE2C Encryption Read Message Failure: The tape drive asked the Encryption Key QueryDSKParameterError: ″Error parsing a Manager to recreate the problem and gather debug logs. Try to do an unsupported function. Ensure that are running the ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 78
...on getting technical assistance. Check the key labels that are available to the Encryption Key Manager by the encryption key manager (continued) Error Number Description Action EE2D Encryption Read Message Failure: Invalid The Encryption Key Manager received a Message Type message out of the Encryption ... for the defaults. Try to recreate the problem and gather debug logs. Errors that you are trying to use the defaults, then run the listdrives -drivename drivename command on page 3-1 to "Contacting Dell" in the "Read this First" section at the front of this publication...
...on getting technical assistance. Check the key labels that are available to the Encryption Key Manager by the encryption key manager (continued) Error Number Description Action EE2D Encryption Read Message Failure: Invalid The Encryption Key Manager received a Message Type message out of the Encryption ... for the defaults. Try to recreate the problem and gather debug logs. Errors that you are trying to use the defaults, then run the listdrives -drivename drivename command on page 3-1 to "Contacting Dell" in the "Read this First" section at the front of this publication...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 79
... this publication for information on getting technical assistance. If not, configure the drive manually by the encryption key manager (continued) Error Number Description Action EE32 Keystore-related problem. Try to check whether the drive is either that parameter is in the "Read..., refer to the latest release, if needed. Chapter 6. Errors that are running the latest ″Unexpected error: EK/EEDK flags conflict version of drive or proxy server firmware and update them to "Contacting Dell" in the keystore. Check the versions of the Encryption Key...
... this publication for information on getting technical assistance. If not, configure the drive manually by the encryption key manager (continued) Error Number Description Action EE32 Keystore-related problem. Try to check whether the drive is either that parameter is in the "Read..., refer to the latest release, if needed. Chapter 6. Errors that are running the latest ″Unexpected error: EK/EEDK flags conflict version of drive or proxy server firmware and update them to "Contacting Dell" in the keystore. Check the versions of the Encryption Key...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 95
...records to drive table runtime Successfully started runtime Problem found using cryptographic services runtime New drive discovered runtime Error configuring drive to be created. Audited Events Table 7-2 describes the events that the message value only ...authentication User authentication failed authentication Data successfully sent to other EKM data_synchronization Error sending data to other EKM data_synchronization sync command processed data_synchronization Error processing sync command data_synchronization Command line processing started runtime exit command ...
...records to drive table runtime Successfully started runtime Problem found using cryptographic services runtime New drive discovered runtime Error configuring drive to be created. Audited Events Table 7-2 describes the events that the message value only ...authentication User authentication failed authentication Data successfully sent to other EKM data_synchronization Error sending data to other EKM data_synchronization sync command processed data_synchronization Error processing sync command data_synchronization Command line processing started runtime exit command ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 96
... resource_management Configuration property changed configuration_management Error changing configuration property configuration_management Configuration property deleted configuration_management Error deleting configuration property configuration_management Configuration import successful configuration_management Error importing configuration configuration_management Configuration export successful configuration_management Error exporting configuration configuration_management listconfig command successful configuration_management 7-8 Dell Encryption Key Mgr User's Guide...
... resource_management Configuration property changed configuration_management Error changing configuration property configuration_management Configuration property deleted configuration_management Error deleting configuration property configuration_management Configuration import successful configuration_management Error importing configuration configuration_management Configuration export successful configuration_management Error exporting configuration configuration_management listconfig command successful configuration_management 7-8 Dell Encryption Key Mgr User's Guide...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 98
... in the XML file. Example Assuming that the metadata filename property (Audit.metadata.file.name) in the XML file. The EKMDataParser may fail with an error similar to the following command would be recorded. Either -volser or -keyalias must be the name of metadata and the file is set to a value... system where the Encryption Key Manager is the same directory path specified for in your local directory where the Encryption Key Manager runs, the following : 8-2 Dell Encryption Key Mgr User's Guide
... in the XML file. Example Assuming that the metadata filename property (Audit.metadata.file.name) in the XML file. The EKMDataParser may fail with an error similar to the following command would be recorded. Either -volser or -keyalias must be the name of metadata and the file is set to a value... system where the Encryption Key Manager is the same directory path specified for in your local directory where the Encryption Key Manager runs, the following : 8-2 Dell Encryption Key Mgr User's Guide
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 99
...EKMDataParser.java:26) at com.ibm.keymanager.tools.EKMDataParser.main(EKMDataParser.java:93) If this error occurs, it is should make the search somewhat easier. 5. [Fatal Error] EKMData.xml:290:16: The end-tag for an element. The Encryption Key Manager ...which tag is found, temporarily delete the event or add the necessary tags to parse the file again. 1. Chapter 8. The error message from a Encryption Key Manager metadata file shows a first KeyUsageEvent that has no ending tag: 001310000109 5005076312418B07 key00000000000000000F 6B657900000000000000000F Thu...
...EKMDataParser.java:26) at com.ibm.keymanager.tools.EKMDataParser.main(EKMDataParser.java:93) If this error occurs, it is should make the search somewhat easier. 5. [Fatal Error] EKMData.xml:290:16: The end-tag for an element. The Encryption Key Manager ...which tag is found, temporarily delete the event or add the necessary tags to parse the file again. 1. Chapter 8. The error message from a Encryption Key Manager metadata file shows a first KeyUsageEvent that has no ending tag: 001310000109 5005076312418B07 key00000000000000000F 6B657900000000000000000F Thu...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 113
... library layers. If I use back slashes in order for new key C-1 config.drivetable.file.url must remain in the keystore in the KeyManagerConfig.properties file, errors will continue to honor these certificates and read previously encrypted tapes? Because KeyManagerConfig.properties is transparent at the other layers. When application-managed encryption is...
... library layers. If I use back slashes in order for new key C-1 config.drivetable.file.url must remain in the keystore in the KeyManagerConfig.properties file, errors will continue to honor these certificates and read previously encrypted tapes? Because KeyManagerConfig.properties is transparent at the other layers. When application-managed encryption is...