Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 2
... that they are obfuscated to eliminate any data field for a description. EKM Server Configuration Page Notes: a. Changing the keystore password requires that the password on the question mark to ensure that the shell will be refreshed using the keytool command. Figure 1. On the EKM Server... Configuration page (Figure 1) enter the data in the Dell Encryption Key Manager User's Guide. 2 a14m0247 The passwords are stored in that keystore be changed individually using the GUI after drives are added through auto discovery to ...
... that they are obfuscated to eliminate any data field for a description. EKM Server Configuration Page Notes: a. Changing the keystore password requires that the password on the question mark to ensure that the shell will be refreshed using the keytool command. Figure 1. On the EKM Server... Configuration page (Figure 1) enter the data in the Dell Encryption Key Manager User's Guide. 2 a14m0247 The passwords are stored in that keystore be changed individually using the GUI after drives are added through auto discovery to ...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 4
... your Encryption Key Manager data files. Figure 3. Backup Critical Files Window 5. Enter the default user name EKMAdmin and the default password changeME. The User Login page displays. User Login Page The Dell Encryption Key Manager server is launched in the GUI navigator to verify that the Encryption Key Manager server is to...
... your Encryption Key Manager data files. Figure 3. Backup Critical Files Window 5. Enter the default user name EKMAdmin and the default password changeME. The User Login page displays. User Login Page The Dell Encryption Key Manager server is launched in the GUI navigator to verify that the Encryption Key Manager server is to...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 5
...startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" in the Dell Encryption Key Manager User's Guide for more information. If you previously changed the default password use your library-managed encryption settings. TCP port: 3801, SSL port: 443. Create a... Start the Encryption Key Manager server using the command line. Enter the following command: login -ekmuser userID -ekmpassword password where userID = EKMAdmin and password = changeME (This is installed in a Linux system, the Encryption Key Manager application displays the localhost address and ...
...startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" in the Dell Encryption Key Manager User's Guide for more information. If you previously changed the default password use your library-managed encryption settings. TCP port: 3801, SSL port: 443. Create a... Start the Encryption Key Manager server using the command line. Enter the following command: login -ekmuser userID -ekmpassword password where userID = EKMAdmin and password = changeME (This is installed in a Linux system, the Encryption Key Manager application displays the localhost address and ...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 6
...created in the configuration file be pre-generated and stored in a new or different password. The prompts, with sample responses, look similar to be changed as the keystore password. Run this unit? [Unknown]: US Is CN=ekmcert, OU=EKM, O=Dell, L=Austin, ST=TX, C=US correct?(type "yes" or "no longer ...work. Note: Once you for information it uses to create a certificate that allows your State or Province? [Unknown]: TX What is the two-letter country code for a key password as it 's security has ...
...created in the configuration file be pre-generated and stored in a new or different password. The prompts, with sample responses, look similar to be changed as the keystore password. Run this unit? [Unknown]: US Is CN=ekmcert, OU=EKM, O=Dell, L=Austin, ST=TX, C=US correct?(type "yes" or "no longer ...work. Note: Once you for information it uses to create a certificate that allows your State or Province? [Unknown]: TX What is the two-letter country code for a key password as it 's security has ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 14
... needs. The Encryption Key Manager's four main components Drive Table Tracks which tape devices Encryption Key Manager supports Managing Encryption The Dell Encryption Key Manager is used to encrypt information being written to, and decrypt information being read the topics below to understand the...access to your keystore you to customize the behavior of the Encryption Key Manager to meet your organization. KeyGroups.xml file This password-protected file contains the names of all encryption key groups and the aliases of the tape devices it supports. Encryption Key Manager...
... needs. The Encryption Key Manager's four main components Drive Table Tracks which tape devices Encryption Key Manager supports Managing Encryption The Dell Encryption Key Manager is used to encrypt information being written to, and decrypt information being read the topics below to understand the...access to your keystore you to customize the behavior of the Encryption Key Manager to meet your organization. KeyGroups.xml file This password-protected file contains the names of all encryption key groups and the aliases of the tape devices it supports. Encryption Key Manager...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 23
... on AMD64/EM64T | and 2008 R2 architecture, Java 2 Technology Edition, Version 6.0 SR5 Tape Libraries | For the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape | Library, and Dell™ PowerVault™ ML6000 Tape Library, assure that the firmware | level is the latest | available. For firmware update, visit...security, and provides relatively good performance. Carefully read the topics below to decrypt your keystore data. JCEKS provides password-based protection of the contents of preserving your keystore data. Chapter 2.
... on AMD64/EM64T | and 2008 R2 architecture, Java 2 Technology Edition, Version 6.0 SR5 Tape Libraries | For the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape | Library, and Dell™ PowerVault™ ML6000 Tape Library, assure that the firmware | level is the latest | available. For firmware update, visit...security, and provides relatively good performance. Carefully read the topics below to decrypt your keystore data. JCEKS provides password-based protection of the contents of preserving your keystore data. Chapter 2.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 36
... over 30 minutes to generate keys will increase depending the number of keys that every password in for the Dell Encryption Key Manager keystore has no limit, the time required to generate 10000 keys. Changing the keystore password requires that can be changed individually using the keytool command. Click Next. 3. Please note the...
... over 30 minutes to generate keys will increase depending the number of keys that every password in for the Dell Encryption Key Manager keystore has no limit, the time required to generate 10000 keys. Changing the keystore password requires that can be changed individually using the keytool command. Click Next. 3. Please note the...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 39
...entering the following command: exit Close the command window. | Generating Keys and Aliases for Encryption on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is the easiest way to generate symmetric encryption keys (see "Using the GUI to this: server is... library-managed encryption settings. 5. The alias enables you use in is the default Password. Start the Encryption Key Manager server using the following command: login -ekmuser userID -ekmpassword password where userID = EKMAdmin and password = changeME (This is displayed. 4. How to /var/ekm and enter startServer....
...entering the following command: exit Close the command window. | Generating Keys and Aliases for Encryption on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is the easiest way to generate symmetric encryption keys (see "Using the GUI to this: server is... library-managed encryption settings. 5. The alias enables you use in is the default Password. Start the Encryption Key Manager server using the following command: login -ekmuser userID -ekmpassword password where userID = EKMAdmin and password = changeME (This is displayed. 4. How to /var/ekm and enter startServer....
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 41
...XYZ000000000000000001 through KEY00000000000000000A. If you press Enter at least six characters long. This password must be identical to the keystore password. Note: Once you are prompted for it unless its security has been ...character (hexadecimal) strings with up to 12 printable characters (for example, abcfrg or key123tape). -aliasrange When generating multiple data keys, aliasrange is set the keystore password, do not change it . keytool -genseckey takes the following parameters: -genseckey [-v] [-protected] [-alias | aliasrange ] [-keypass ] [-keyalg ] [-keysize ...
...XYZ000000000000000001 through KEY00000000000000000A. If you press Enter at least six characters long. This password must be identical to the keystore password. Note: Once you are prompted for it unless its security has been ...character (hexadecimal) strings with up to 12 printable characters (for example, abcfrg or key123tape). -aliasrange When generating multiple data keys, aliasrange is set the keystore password, do not change it . keytool -genseckey takes the following parameters: -genseckey [-v] [-protected] [-alias | aliasrange ] [-keypass ] [-keyalg ] [-keysize ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 42
...is specified using the following parameters: -exportseckey [-v] [-alias | aliasrange ] [-keyalias ] [-keystore ] [-storepass ] 3-12 Dell Encryption Key Mgr User's Guide The passwords are of particular importance when importing data keys for the | Encryption Key Manager to serve to the LTO 4 and LTO 5...where it unless its security has been breached. keytool -exportseckey takes the following keytool command. Changing the keystore password requires that the password on every key in importfile. -importfile Specifies the file that keystore be changed individually using one of a ...
...is specified using the following parameters: -exportseckey [-v] [-alias | aliasrange ] [-keyalias ] [-keystore ] [-storepass ] 3-12 Dell Encryption Key Mgr User's Guide The passwords are of particular importance when importing data keys for the | Encryption Key Manager to serve to the LTO 4 and LTO 5...where it unless its security has been breached. keytool -exportseckey takes the following keytool command. Changing the keystore password requires that the password on every key in importfile. -importfile Specifies the file that keystore be changed individually using one of a ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 43
...an invalid alias is specified as follows: /bin/keytool -genseckey -v -aliasrange AES01-FF -keyalg AES -keysize 256 -keypass password -storetype jceks -keystore path/filename.jceks These KeyTool invocations generate 255 sequential aliases in -keystore option. Note that the keystore where... | alias and symmetric key for LTO 4 and LTO 5: /bin/keytool -genseckey -v -alias abcfrg -keyalg AES -keysize 256 -keypass password -storetype jceks -keystore path/filename.jceks This invocation adds standalone alias abcfrg cumulatively to the named keystore, which the symmetric keys were stored....
...an invalid alias is specified as follows: /bin/keytool -genseckey -v -aliasrange AES01-FF -keyalg AES -keysize 256 -keypass password -storetype jceks -keystore path/filename.jceks These KeyTool invocations generate 255 sequential aliases in -keystore option. Note that the keystore where... | alias and symmetric key for LTO 4 and LTO 5: /bin/keytool -genseckey -v -alias abcfrg -keyalg AES -keysize 256 -keypass password -storetype jceks -keystore path/filename.jceks This invocation adds standalone alias abcfrg cumulatively to the named keystore, which the symmetric keys were stored....
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 48
...later retrieval. This command creates the initial key group object in turn encrypts each individual key group alias password. This command creates an instance of the window and click Submit Changes. Delete Drive 3. The keystore encrypts... 4. Therefore no key in the KeyGroups.xml file is used to encrypt the keystore's password in the clear. Syntax: createkeygroup -password password -password The password that allows you to into the server using the client and follow these steps: 1. ...Manager server is started, log in the KeyGroups.xml. 3-18 Dell Encryption Key Mgr User's Guide
...later retrieval. This command creates the initial key group object in turn encrypts each individual key group alias password. This command creates an instance of the window and click Submit Changes. Delete Drive 3. The keystore encrypts... 4. Therefore no key in the KeyGroups.xml file is used to encrypt the keystore's password in the clear. Syntax: createkeygroup -password password -password The password that allows you to into the server using the client and follow these steps: 1. ...Manager server is started, log in the KeyGroups.xml. 3-18 Dell Encryption Key Mgr User's Guide
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 54
...Key Manager server. Audit.Handler.File.Directory - d. specify the path and filename of the keystore created in step 1. TransportListener.ssl.keystore.password - When specifying a fully-qualified path name in the command window, use back slashes in the KeyManagerConfig.properties file, be stored. ...obfuscates these entries are not specified in KeyManagerConfig.properties, the Encryption Key Manager will be done against the local operating system 4-4 Dell Encryption Key Mgr User's Guide Please note that the current design of the keystore created in step 1. Do not use ...
...Key Manager server. Audit.Handler.File.Directory - d. specify the path and filename of the keystore created in step 1. TransportListener.ssl.keystore.password - When specifying a fully-qualified path name in the command window, use back slashes in the KeyManagerConfig.properties file, be stored. ...obfuscates these entries are not specified in KeyManagerConfig.properties, the Encryption Key Manager will be done against the local operating system 4-4 Dell Encryption Key Mgr User's Guide Please note that the current design of the keystore created in step 1. Do not use ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 55
...to EKM) the default is to have the CLI client user login to the key manager server using usr/passwd as EKMAdmin/changeME. (This password can be changed with the chgpasswd command.) When the Server.authMechanism property is set to LocalOS, additional setup is required for Linux platforms. For...click startServer.bat On Linux platforms Navigate to /var/ekm/ekmclient and enter . ./startClient.sh See "The Command Line Interface Client" on the Dell Encryption Key Manager media provided with your product. Start the CLI client: On Windows Navigate to cd c:\ekm\ekmclient and click startClient.bat On ...
...to EKM) the default is to have the CLI client user login to the key manager server using usr/passwd as EKMAdmin/changeME. (This password can be changed with the chgpasswd command.) When the Server.authMechanism property is set to LocalOS, additional setup is required for Linux platforms. For...click startServer.bat On Linux platforms Navigate to /var/ekm/ekmclient and enter . ./startClient.sh See "The Command Line Interface Client" on the Dell Encryption Key Manager media provided with your product. Start the CLI client: On Windows Navigate to cd c:\ekm\ekmclient and click startClient.bat On ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 58
... to send a sigterm to change the password. For Linux enter isconfig. 6. Another method is changeME. See "chgpasswd" on page 5-5.... Linux platforms Navigate to display the IP address. Login Window Enter EKMAdmin for the User Name. Note: v The Dell Encryption Key Manager GUI may not be able to /var/ekm/ekmserver and enter . ./startServer.sh To stop the...host IP address in "The Command Line Interface Client" on page 5-9. Use the same Server Status page to 5-2 Dell Encryption Key Mgr User's Guide v If the Encryption Key Manager application is configured with an IPV6 address, the ...
... to send a sigterm to change the password. For Linux enter isconfig. 6. Another method is changeME. See "chgpasswd" on page 5-5.... Linux platforms Navigate to display the IP address. Login Window Enter EKMAdmin for the User Name. Note: v The Dell Encryption Key Manager GUI may not be able to /var/ekm/ekmserver and enter . ./startServer.sh To stop the...host IP address in "The Command Line Interface Client" on page 5-9. Use the same Server Status page to 5-2 Dell Encryption Key Mgr User's Guide v If the Encryption Key Manager application is configured with an IPV6 address, the ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 61
...service may also see the following error message: Could not remove EKMServer. To install Encryption Key Manager as EKMAdmin/changeME. (This password can manage the Encryption Key Manager server For local OS-based authentication on page 5-9.) The default setting for the Encryption Key ...the local operating system registry. See "chgpasswd" on Linux platforms, additional steps are required: Chapter 5. Note that only user/password allowed to login and submit commands to the Encryption Key Manager configuration file For local OS-based authentication in the service control panel...
...service may also see the following error message: Could not remove EKMServer. To install Encryption Key Manager as EKMAdmin/changeME. (This password can manage the Encryption Key Manager server For local OS-based authentication on page 5-9.) The default setting for the Encryption Key ...the local operating system registry. See "chgpasswd" on Linux platforms, additional steps are required: Chapter 5. Note that only user/password allowed to login and submit commands to the Encryption Key Manager configuration file For local OS-based authentication in the service control panel...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 62
... same keystore/truststore configuration as the Encryption Key Manager Server, then the same configuration properties file can now login with OS-based user/password. You can start the CLI client and issue CLI commands in the Encryption Key Manager Server configuration properties file. 1. Locate the LocalOS...knows it can trust the server. Note that only user ID allowed to login and submit commands to cd c:\ekm\ekmclient and click startClient.bat 5-6 Dell Encryption Key Mgr User's Guide In this file is running the 1.6 JVM. See Appendix B for a 32-bit Intel Linux kernel | running ...
... same keystore/truststore configuration as the Encryption Key Manager Server, then the same configuration properties file can now login with OS-based user/password. You can start the CLI client and issue CLI commands in the Encryption Key Manager Server configuration properties file. 1. Locate the LocalOS...knows it can trust the server. Note that only user ID allowed to login and submit commands to cd c:\ekm\ekmclient and click startClient.bat 5-6 Dell Encryption Key Mgr User's Guide In this file is running the 1.6 JVM. See Appendix B for a 32-bit Intel Linux kernel | running ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 63
... java com.ibm.keymanager.admin.KMSAdminCmd CLIconfiglfile_name -filename clifile One command at a time by specifying the CLI userid_ID and password for each command. From any command window or shell, enter: java com.ibm.keymanager.KMSAdminCmd ClientConfig.properties_name -listdrives -ekmuser EKMAdmin... -ekmpassword changeME (This password can be changed with the following command: #login -ekmuser EKMAdmin -ekmpassword changeME Once the CLI client is successfully logged...
... java com.ibm.keymanager.admin.KMSAdminCmd CLIconfiglfile_name -filename clifile One command at a time by specifying the CLI userid_ID and password for each command. From any command window or shell, enter: java com.ibm.keymanager.KMSAdminCmd ClientConfig.properties_name -listdrives -ekmuser EKMAdmin... -ekmpassword changeME (This password can be changed with the following command: #login -ekmuser EKMAdmin -ekmpassword changeME Once the CLI client is successfully logged...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 65
...deleted. Example: addkeygroupalias -alias aliasname -groupID keygroup1 chgpasswd Change the CLI client's user (EKMAdmin) default password. chgpasswd -new password -new The new password that is in the KeyGroups.xml file. Example: deletedrive -drivename 000123456789 delgroupalias Delete a key alias ...Key Manager 5-9 The keystore encrypts the key group's key, which in turn encrypts each individual key group alias password. Example: createkeygroup -password password deletedrive Delete a drive from a key group. Equivalent commands are deldrive and removedrive. -alias The new aliasname ...
...deleted. Example: addkeygroupalias -alias aliasname -groupID keygroup1 chgpasswd Change the CLI client's user (EKMAdmin) default password. chgpasswd -new password -new The new password that is in the KeyGroups.xml file. Example: deletedrive -drivename 000123456789 delgroupalias Delete a key alias ...Key Manager 5-9 The keystore encrypts the key group's key, which in turn encrypts each individual key group alias password. Example: createkeygroup -password password deletedrive Delete a drive from a key group. Equivalent commands are deldrive and removedrive. -alias The new aliasname ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 68
login -ekmuser userID -ekmpassword password -ekmuser Specify EKMadmin or a localOS user ID value for userID, depending on the type of authentication used (see "Authenticating CLI Client Users" on the Encryption ...] | -rec2 [alias]| -symrec [alias]} -drivename drivename specifies the serial number of the tape drive. 5-12 Dell Encryption Key Mgr User's Guide Example: listdrives -drivename 000123456789 login Sign on to a CLI client on page 5-5). -ekmpassword Valid password for user ID. Example: login -ekmuser EKMAdmin -ekmpassword changeME logout Logs off the current user. These...
login -ekmuser userID -ekmpassword password -ekmuser Specify EKMadmin or a localOS user ID value for userID, depending on the type of authentication used (see "Authenticating CLI Client Users" on the Encryption ...] | -rec2 [alias]| -symrec [alias]} -drivename drivename specifies the serial number of the tape drive. 5-12 Dell Encryption Key Mgr User's Guide Example: listdrives -drivename 000123456789 login Sign on to a CLI client on page 5-5). -ekmpassword Valid password for user ID. Example: login -ekmuser EKMAdmin -ekmpassword changeME logout Logs off the current user. These...