Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 1
... encrypt information being read from this occurrence is small, but it is not using commands. If not found at a later date). The Dell PowerVault Encryption Key Manager (referred to that machines hosting the Dell Encryption Key Manager program use ECC memory. decrypted at : http://support.dell.com or on LTO Gen 4 and LTO Gen 5 tape drives.
... encrypt information being read from this occurrence is small, but it is not using commands. If not found at a later date). The Dell PowerVault Encryption Key Manager (referred to that machines hosting the Dell Encryption Key Manager program use ECC memory. decrypted at : http://support.dell.com or on LTO Gen 4 and LTO Gen 5 tape drives.
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 6
... slash) before the Linux shell command to set the keystore password, do not change it unless it's security has been breached. For LTO encryption, the Encryption Key Manager needs a number of your Encryption Key Manager identification. Please note the keystore password entered here as the ...Press Enter again when prompted for a keystore password to have the keystore file created in this unit? [Unknown]: US Is CN=ekmcert, OU=EKM, O=Dell, L=Austin, ST=TX, C=US correct?(type "yes" or "no longer work. Changing the keystore password requires that allows your State or Province? ...
... slash) before the Linux shell command to set the keystore password, do not change it unless it's security has been breached. For LTO encryption, the Encryption Key Manager needs a number of your Encryption Key Manager identification. Please note the keystore password entered here as the ...Press Enter again when prompted for a keystore password to have the keystore file created in this unit? [Unknown]: US Is CN=ekmcert, OU=EKM, O=Dell, L=Austin, ST=TX, C=US correct?(type "yes" or "no longer work. Changing the keystore password requires that allows your State or Province? ...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 7
.... Use the quit command to shut down automatically when unused for LTO tape encryption (available at http://support.dell.com). v The Library Managed Encryption for Tape white paper suggesting best practices for 10 minutes. in any CLI commands. Start the...in this document is a trademark of recovering the encrypted data. Windows is a registered trademark of Microsoft® Corporation in this text: Dell, the DELL logo and PowerVault are lost or corrupted, there is strictly forbidden. CAUTION: It is successfully logged into the key manager server, you are trademarks of...
.... Use the quit command to shut down automatically when unused for LTO tape encryption (available at http://support.dell.com). v The Library Managed Encryption for Tape white paper suggesting best practices for 10 minutes. in any CLI commands. Start the...in this document is a trademark of recovering the encrypted data. Windows is a registered trademark of Microsoft® Corporation in this text: Dell, the DELL logo and PowerVault are lost or corrupted, there is strictly forbidden. CAUTION: It is successfully logged into the key manager server, you are trademarks of...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 3
.... . . . 2-2 Linux Solution Components 2-2 Windows Solution Components 2-3 Keystore Considerations 2-3 The JCEKS Keystore 2-3 | Encryption Keys and the LTO 4 and LTO 5 Tape Drives 2-4 Backing up Keystore Data 2-5 Multiple Key Managers for Redundancy . . . 2-7 Encryption Key Manager Server Configurations 2-7 Disaster... 6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Tape Encryption Overview Components Managing Encryption Application-Managed Tape Encryption . . . About Encryption Keys 1-1 . ...
.... . . . 2-2 Linux Solution Components 2-2 Windows Solution Components 2-3 Keystore Considerations 2-3 The JCEKS Keystore 2-3 | Encryption Keys and the LTO 4 and LTO 5 Tape Drives 2-4 Backing up Keystore Data 2-5 Multiple Key Managers for Redundancy . . . 2-7 Encryption Key Manager Server Configurations 2-7 Disaster... 6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Tape Encryption Overview Components Managing Encryption Application-Managed Tape Encryption . . . About Encryption Keys 1-1 . ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 5
... Encryption Key Manager's four main components 1-2 Two possible locations for encryption policy engine and key management. . . . . . 1-4 Encryption Using Symmetric Encryption Keys 1-6 LTO 4 or LTO 5 Tape Drive Request for Encryption Write Operation 2-4 LTO 4 or LTO 5 Tape Drive Request for Encryption Read Operation 2-5 Backup Critical Files Window . . . . . 2-6 Single Server Configuration 2-7 Two Servers with Shared Configurations 2-8 Two...
... Encryption Key Manager's four main components 1-2 Two possible locations for encryption policy engine and key management. . . . . . 1-4 Encryption Using Symmetric Encryption Keys 1-6 LTO 4 or LTO 5 Tape Drive Request for Encryption Write Operation 2-4 LTO 4 or LTO 5 Tape Drive Request for Encryption Read Operation 2-5 Backup Critical Files Window . . . . . 2-6 Single Server Configuration 2-7 Two Servers with Shared Configurations 2-8 Two...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 9
It assumes the reader has a working knowledge of the Dell™ Encryption Key Manager. Italicized words or characters represent variable values that you must use a power screwdriver to data. Attention Notice An attention notice ... Used in a list of Encryption Key Manager servers in this Book This book is not required. It includes concepts and procedures pertaining to: | v Encryption-capable LTO 4 and LTO 5 Tape Drives v Cryptographic keys v Digital certificates Who Should Read this Book Convention bold constant width italic [item] {item} | Usage Bold words or characters ...
It assumes the reader has a working knowledge of the Dell™ Encryption Key Manager. Italicized words or characters represent variable values that you must use a power screwdriver to data. Attention Notice An attention notice ... Used in a list of Encryption Key Manager servers in this Book This book is not required. It includes concepts and procedures pertaining to: | v Encryption-capable LTO 4 and LTO 5 Tape Drives v Cryptographic keys v Digital certificates Who Should Read this Book Convention bold constant width italic [item] {item} | Usage Bold words or characters ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 10
...the following publications for more information: v Getting Started with the Dell™ PowerVault™ TL2000 and TL4000 Tape Libraries provides installation information. x Dell Encryption Key Mgr User's Guide Visit http://www.dell.com for the following related publication: The Library Managed Encryption for... Tape white paper suggests best practices for LTO tape encryption. v Dell™ PowerVault™ TL2000 Tape Library and TL4000 Tape Library SCSI Reference provides supported SCSI commands and protocol governing the...
...the following publications for more information: v Getting Started with the Dell™ PowerVault™ TL2000 and TL4000 Tape Libraries provides installation information. x Dell Encryption Key Mgr User's Guide Visit http://www.dell.com for the following related publication: The Library Managed Encryption for... Tape white paper suggests best practices for LTO tape encryption. v Dell™ PowerVault™ TL2000 Tape Library and TL4000 Tape Library SCSI Reference provides supported SCSI commands and protocol governing the...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 13
... the use of several kinds of the Java runtime environment. The Dell Encryption Key Manager (referred to as the Encryption Key Manager from this point forward) simplifies encryption tasks. | The LTO 4 and LTO 5 drives are capable of encrypting data as part of the Java...new capability adds a strong measure of Java keystores are encrypted and the mechanism for more information. Encryption Policy This is desired, Dell Encryption Key Manager performs all necessary key management tasks. Several types of security to control its cryptographic capabilities. (For more detail. ...
... the use of several kinds of the Java runtime environment. The Dell Encryption Key Manager (referred to as the Encryption Key Manager from this point forward) simplifies encryption tasks. | The LTO 4 and LTO 5 drives are capable of encrypting data as part of the Java...new capability adds a strong measure of Java keystores are encrypted and the mechanism for more information. Encryption Policy This is desired, Dell Encryption Key Manager performs all necessary key management tasks. Several types of security to control its cryptographic capabilities. (For more detail. ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 15
...Encryption Key Manager for your solution, as well as a background process awaiting key generation or key retrieval requests sent to the | LTO 4 and LTO 5 tape drives. IMPORTANT Encryption Key Manager HOST SERVER CONFIGURATION INFORMATION: It is not using Error Correction Code (ECC) memory there...Manager fetches an existing AES key from the Encryption Key Manager. locations within an enterprise. See "Keystore Considerations" on the Dell Encryption Key Manager graphical user interface (GUI). These methods differ in where the encryption policy engine resides, where key management is...
...Encryption Key Manager for your solution, as well as a background process awaiting key generation or key retrieval requests sent to the | LTO 4 and LTO 5 tape drives. IMPORTANT Encryption Key Manager HOST SERVER CONFIGURATION INFORMATION: It is not using Error Correction Code (ECC) memory there...Manager fetches an existing AES key from the Encryption Key Manager. locations within an enterprise. See "Keystore Considerations" on the Dell Encryption Key Manager graphical user interface (GUI). These methods differ in where the encryption policy engine resides, where key management is...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 17
...library-to decrypt. Both the IBM and T10 methods of user or host data, and asymmetric encryption (which is used for LTO 4 and LTO 5 tape drives in the public/private key pair. When an asymmetric key pair is generated, the public key is used...manage encryption policies and keys. The responsibility for generating AES keys and the manner in : v Dell™ PowerVault™ TL2000 Tape Library v Dell™ PowerVault™ TL4000 Tape Library v Dell™ PowerVault™ ML6000 Tape Library See your tape backup software application documentation to learn how to encrypt, and...
...library-to decrypt. Both the IBM and T10 methods of user or host data, and asymmetric encryption (which is used for LTO 4 and LTO 5 tape drives in the public/private key pair. When an asymmetric key pair is generated, the public key is used...manage encryption policies and keys. The responsibility for generating AES keys and the manner in : v Dell™ PowerVault™ TL2000 Tape Library v Dell™ PowerVault™ TL4000 Tape Library v Dell™ PowerVault™ ML6000 Tape Library See your tape backup software application documentation to learn how to encrypt, and...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 18
... available to the application in order for the volume to be read. | LTO 4 and LTO 5 Tape Drives can use applications such as Yosemite (for Dell PowerVault TL2000 and TL4000 Tape Libraries), CommVault, and Symantec Backup Exec for application-managed encryption. | Alternatively, LTO 4 and LTO 5 Tape Drives can use it to organize your symmetric keys for the volume...
... available to the application in order for the volume to be read. | LTO 4 and LTO 5 Tape Drives can use applications such as Yosemite (for Dell PowerVault TL2000 and TL4000 Tape Libraries), CommVault, and Symantec Backup Exec for application-managed encryption. | Alternatively, LTO 4 and LTO 5 Tape Drives can use it to organize your symmetric keys for the volume...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 19
Tape Encryption Overview 1-7 Encryption Key Summary Encryption Management Keys used to manage the encryption. | For transparent encryption of LTO 4 and LTO 5, (that is, using library-managed encryption with the Encryption Key Manager,) the uniqueness of pre-generated keys to the Encryption Key Manager. Table 1-1. In Summary ...
Tape Encryption Overview 1-7 Encryption Key Summary Encryption Management Keys used to manage the encryption. | For transparent encryption of LTO 4 and LTO 5, (that is, using library-managed encryption with the Encryption Key Manager,) the uniqueness of pre-generated keys to the Encryption Key Manager. Table 1-1. In Summary ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 21
... on. (See "adddrive" on page 5-5.) Planning for your encryption strategy. Many factors must be considered when you are not required if you require: | v Encryption-capable LTO 4 and LTO 5 Tape Drive(s) 2-1 If necessary, import keys and certificates. (See "Importing Data Keys Using Keytool -importseckey " on page 4-1.) - Planning Your Encryption Key Manager Environment This...
... on. (See "adddrive" on page 5-5.) Planning for your encryption strategy. Many factors must be considered when you are not required if you require: | v Encryption-capable LTO 4 and LTO 5 Tape Drive(s) 2-1 If necessary, import keys and certificates. (See "Importing Data Keys Using Keytool -importseckey " on page 4-1.) - Planning Your Encryption Key Manager Environment This...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 22
... http://support.dell.com. - Dell™ PowerVault™ TL2000 Tape Library minimum required firmware version = 5.xx. - Dell™ PowerVault™ ML6000 Tape Library Family minimum required firmware version = 415G.xxx. v Update tape drive firmware if necessary The minimum required firmware version is the latest available. Install and cable the LTO 4 and LTO 5 Tape Drive(s). v Keystore v Dell Encryption Key Manager...
... http://support.dell.com. - Dell™ PowerVault™ TL2000 Tape Library minimum required firmware version = 5.xx. - Dell™ PowerVault™ ML6000 Tape Library Family minimum required firmware version = 415G.xxx. v Update tape drive firmware if necessary The minimum required firmware version is the latest available. Install and cable the LTO 4 and LTO 5 Tape Drive(s). v Keystore v Dell Encryption Key Manager...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 23
... and 2008 R2 architecture, Java 2 Technology Edition, Version 6.0 SR5 Tape Libraries | For the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape | Library, and Dell™ PowerVault™ ML6000 Tape Library, assure that the firmware level is the latest available. The JCEKS Keystore ... Environment for Windows on all platforms where EKM runs. Thus it is the latest | available. Tape Drive | For the LTO 4 and LTO 5 Tape Drives, assure that the firmware level is relatively easy to copy the contents of this keystore for back up and...
... and 2008 R2 architecture, Java 2 Technology Edition, Version 6.0 SR5 Tape Libraries | For the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape | Library, and Dell™ PowerVault™ ML6000 Tape Library, assure that the firmware level is the latest available. The JCEKS Keystore ... Environment for Windows on all platforms where EKM runs. Thus it is the latest | available. Tape Drive | For the LTO 4 and LTO 5 Tape Drives, assure that the firmware level is relatively easy to copy the contents of this keystore for back up and...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 24
... define a key group and populate it with the encrypted data. LTO 4 or LTO 5 Tape Drive Request for the tape drive, an alias from the other entities in the clear. | Encryption Keys and the LTO 4 and LTO 5 Tape Drives The Dell Encryption Key Manager and its supported tape drives use the DKi to... identify the correct DK needed to decrypt the data when the | LTO 4 or LTO 5 tape is read. The selected alias is not transmitted ...
... define a key group and populate it with the encrypted data. LTO 4 or LTO 5 Tape Drive Request for the tape drive, an alias from the other entities in the clear. | Encryption Keys and the LTO 4 and LTO 5 Tape Drives The Dell Encryption Key Manager and its supported tape drives use the DKi to... identify the correct DK needed to decrypt the data when the | LTO 4 or LTO 5 tape is read. The selected alias is not transmitted ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 25
... a DKi and wraps the DK with a key the drive can decrypt 6. Encryption Key Manager converts the alias to your keystore, it own unique characteristics. LTO 4 or LTO 5 Tape Drive Request for recovery). Encryption Key Manager sends the wrapped DK to backup this data on a non-encrypted device so that tape drive or...
... a DKi and wraps the DK with a key the drive can decrypt 6. Encryption Key Manager converts the alias to your keystore, it own unique characteristics. LTO 4 or LTO 5 Tape Drive Request for recovery). Encryption Key Manager sends the wrapped DK to backup this data on a non-encrypted device so that tape drive or...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 29
... that certificate. Set up a duplicate Encryption Key Manager at the DR site. v Create a backup copy of options to encrypt the data on an LTO 4 or LTO 5 tape, a copy of the symmetric key used to wrap the symmetric key when it is important to verify the validity of any time to read...of your primary site, the configuration file and tape drive table must be verified if it was securely guarded in -the-Middle" attack. | Sharing LTO 4 and LTO 5 Tape | In order to share encrypted data on the tape must contain the correct information for the symmetric key to be shared, the other ...
... that certificate. Set up a duplicate Encryption Key Manager at the DR site. v Create a backup copy of options to encrypt the data on an LTO 4 or LTO 5 tape, a copy of the symmetric key used to wrap the symmetric key when it is important to verify the validity of any time to read...of your primary site, the configuration file and tape drive table must be verified if it was securely guarded in -the-Middle" attack. | Sharing LTO 4 and LTO 5 Tape | In order to share encrypted data on the tape must contain the correct information for the symmetric key to be shared, the other ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 31
... Manager ISO Image" explains how to learn if a newer version is automatically installed. decrypted at a later date). Insert the Dell Encryption Key Manager CD and enter Install_Linux from the CD to minimize the risk of data loss. IMPORTANT Encryption Key Manager HOST ... be recovered (decrypted). The installation copies all contents (documentation, GUI files, and configuration property files) appropriate to the | LTO 4 and LTO 5 tape drives. Follow the procedure appropriate for the correct IBM Java Runtime Environment. Installing the Encryption Key Manager and Keystores The...
... Manager ISO Image" explains how to learn if a newer version is automatically installed. decrypted at a later date). Insert the Dell Encryption Key Manager CD and enter Install_Linux from the CD to minimize the risk of data loss. IMPORTANT Encryption Key Manager HOST ... be recovered (decrypted). The installation copies all contents (documentation, GUI files, and configuration property files) appropriate to the | LTO 4 and LTO 5 tape drives. Follow the procedure appropriate for the correct IBM Java Runtime Environment. Installing the Encryption Key Manager and Keystores The...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 39
.... Identify the SSL port by entering the following command: exit Close the command window. | Generating Keys and Aliases for Encryption on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is a utility for managing keys, certificates, and aliases. An alias is running. Installing the Encryption Key...to cd c:\ekm and click startClient.bat v On Linux platforms, navigate to the same entry in writing and reading | encrypted data on LTO 4 and LTO 5 tape. Logout from the command line. The alias enables you to identify the correct key, in the correct key group and keystore,...
.... Identify the SSL port by entering the following command: exit Close the command window. | Generating Keys and Aliases for Encryption on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is a utility for managing keys, certificates, and aliases. An alias is running. Installing the Encryption Key...to cd c:\ekm and click startClient.bat v On Linux platforms, navigate to the same entry in writing and reading | encrypted data on LTO 4 and LTO 5 tape. Logout from the command line. The alias enables you to identify the correct key, in the correct key group and keystore,...