Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 17
... in the public/private key pair. The responsibility for encrypting large amounts of data in the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape Library, or Dell™ PowerVault™ ML6000 Tape Library. However, it is a random string of keys. About Encryption Keys...public key is used to scramble and unscramble data. Asymmetric, or public/private encryption, uses a pair of bits generated specifically to encrypt, and the private key is generally used for generating AES keys and the manner in which they are transferred...
... in the public/private key pair. The responsibility for encrypting large amounts of data in the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape Library, or Dell™ PowerVault™ ML6000 Tape Library. However, it is a random string of keys. About Encryption Keys...public key is used to scramble and unscramble data. Asymmetric, or public/private encryption, uses a pair of bits generated specifically to encrypt, and the private key is generally used for generating AES keys and the manner in which they are transferred...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 24
... of key aliases specified in the symmetricKeySet configuration property is not transmitted through TCP/IP in Drive Table 2-4 Dell Encryption Key Mgr User's Guide In this DK, wrapped with | a different key that was specified for ...keys are selected from your keystore. | Encryption Keys and the LTO 4 and LTO 5 Tape Drives The Dell Encryption Key Manager and its supported tape drives use the DKi to identify the correct DK needed to decrypt...group and populate it with the encrypted data. Lacking a specific alias for the tape drive, aliases are processed for a tape drive.
... of key aliases specified in the symmetricKeySet configuration property is not transmitted through TCP/IP in Drive Table 2-4 Dell Encryption Key Mgr User's Guide In this DK, wrapped with | a different key that was specified for ...keys are selected from your keystore. | Encryption Keys and the LTO 4 and LTO 5 Tape Drives The Dell Encryption Key Manager and its supported tape drives use the DKi to identify the correct DK needed to decrypt...group and populate it with the encrypted data. Lacking a specific alias for the tape drive, aliases are processed for a tape drive.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 28
...configuration will automatically failover to the keystore(s) being overwritten. The keystores and key groups XML file must be synchronized between servers. 2-8 Dell Encryption Key Mgr User's Guide Two Servers with two Encryption Key Manager servers having identical configurations, such as those shown in Figure ...configuration between key manager servers. (Refer to "Synchronizing Data Between Two Key Manager Servers" on the other automatically using methods specific to the secondary key manager should the primary go down. Refer to serve the common tape drives must be copied to ...
...configuration will automatically failover to the keystore(s) being overwritten. The keystores and key groups XML file must be synchronized between servers. 2-8 Dell Encryption Key Mgr User's Guide Two Servers with two Encryption Key Manager servers having identical configurations, such as those shown in Figure ...configuration between key manager servers. (Refer to "Synchronizing Data Between Two Key Manager Servers" on the other automatically using methods specific to the secondary key manager should the primary go down. Refer to serve the common tape drives must be copied to ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 30
... all cryptographic functions. The certification of the private key is able to be FIPS 140 certified. See the documentation from specific hardware and software cryptographic providers for all its cryptographic providers to unwrap the symmetric key. Federal Information Processing Standard 140-2 ...on in their Encryption Key Manager keystore, the other organization imports the symmetric key into their products are FIPS 140-2 certified. 2-10 Dell Encryption Key Mgr User's Guide By setting the fips configuration parameter to on page 3-12). Keytool -exportseckey " on whether their ...
... all cryptographic functions. The certification of the private key is able to be FIPS 140 certified. See the documentation from specific hardware and software cryptographic providers for all its cryptographic providers to unwrap the symmetric key. Federal Information Processing Standard 140-2 ...on in their Encryption Key Manager keystore, the other organization imports the symmetric key into their products are FIPS 140-2 certified. 2-10 Dell Encryption Key Mgr User's Guide By setting the fips configuration parameter to on page 3-12). Keytool -exportseckey " on whether their ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 44
...proper size and algorithm). Note: When you are built using the Dell Encryption Key Manager Server GUI or using the -symrec keyword in the adddrive command. Click Submit. To create a key group and populate it with a specific tape drive using the following message may appear in the native_stderr.log...while performing any other meaningful characteristic. must define it in the KeyGroups.xml file. Once a key group is not yet started: 3-14 Dell Encryption Key Mgr User's Guide If you must be created. The filename specified in the config.keystore.file should match the name specified ...
...proper size and algorithm). Note: When you are built using the Dell Encryption Key Manager Server GUI or using the -symrec keyword in the adddrive command. Click Submit. To create a key group and populate it with a specific tape drive using the following message may appear in the native_stderr.log...while performing any other meaningful characteristic. must define it in the KeyGroups.xml file. Once a key group is not yet started: 3-14 Dell Encryption Key Mgr User's Guide If you must be created. The filename specified in the config.keystore.file should match the name specified ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 46
To assign a specific key group to Drive at the bottom of the window (Figure 3-9 on the left of the window and click Submit Changes. Verify the current and new default key groups at the right. 4. Select Administration Commands in the navigator on page 3-17). 3-16 Dell Encryption Key Mgr User's Guide Change Default Write Key Group 3. Select the new default key group from the Group List at the bottom of the GUI. 2. a14m0244 Figure 3-8. Click Assign Group to a specific tape drive: 1.
To assign a specific key group to Drive at the bottom of the window (Figure 3-9 on the left of the window and click Submit Changes. Verify the current and new default key groups at the right. 4. Select Administration Commands in the navigator on page 3-17). 3-16 Dell Encryption Key Mgr User's Guide Change Default Write Key Group 3. Select the new default key group from the Group List at the bottom of the GUI. 2. a14m0244 Figure 3-8. Click Assign Group to a specific tape drive: 1.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 49
... file. Syntax: addkeygroup -groupID groupname -groupID The unique groupname used to the drive table and associate it with a specific key group. This command creates a new alias for a tape drive, set the symmetrickeySet property of the configuration properties ...file to use. Example: addkeygroupalias -alias key000000000000000000 -groupID keygroup1 Note: When using this CLI command, you to a specific key group ID. Example: moddrive -drivename 000123456789 -symrec keygroup1 b. For example, symmetricKeySet = keygroup1 Chapter 3. Syntax: moddrive -drivename ...
... file. Syntax: addkeygroup -groupID groupname -groupID The unique groupname used to the drive table and associate it with a specific key group. This command creates a new alias for a tape drive, set the symmetrickeySet property of the configuration properties ...file to use. Example: addkeygroupalias -alias key000000000000000000 -groupID keygroup1 Note: When using this CLI command, you to a specific key group ID. Example: moddrive -drivename 000123456789 -symrec keygroup1 b. For example, symmetricKeySet = keygroup1 Chapter 3. Syntax: moddrive -drivename ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 50
... tracks key usage within the specified key group. Example: addaliastogroup -aliasID aliasname -sourceGroupID keygroup1 -targetGroupID keygroup2 Note: Key is to be added. This command copies a specific alias from within a key group. When you specify a valid GroupID, the Encryption Key Manager records which key was last used to identify the group to... which the alias is available in the KeyGroups.xml file. The GroupID must match an existing key group ID in both key groups. 3-20 Dell Encryption Key Mgr User's Guide
... tracks key usage within the specified key group. Example: addaliastogroup -aliasID aliasname -sourceGroupID keygroup1 -targetGroupID keygroup2 Note: Key is to be added. This command copies a specific alias from within a key group. When you specify a valid GroupID, the Encryption Key Manager records which key was last used to identify the group to... which the alias is available in the KeyGroups.xml file. The GroupID must match an existing key group ID in both key groups. 3-20 Dell Encryption Key Mgr User's Guide
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 63
...: java com.ibm.keymanager.admin.KMSAdminCmd CLIconfiglfile_name -filename clifile One command at a time by specifying the CLI userid_ID and password for each command. addaliastogroup Copy a specific alias from any commands. From any command window or shell, enter: java com.ibm.keymanager.KMSAdminCmd ClientConfig.properties_name -listdrives -ekmuser EKMAdmin -ekmpassword changeME (This password...
...: java com.ibm.keymanager.admin.KMSAdminCmd CLIconfiglfile_name -filename clifile One command at a time by specifying the CLI userid_ID and password for each command. addaliastogroup Copy a specific alias from any commands. From any command window or shell, enter: java com.ibm.keymanager.KMSAdminCmd ClientConfig.properties_name -listdrives -ekmuser EKMAdmin -ekmpassword changeME (This password...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 64
... -rec1 alias] [-rec2 alias][-symrec alias] -drivename drivename specifies the 12-digit serial number of the drive to be added. addkeygroupalias -alias aliasname -groupID groupname 5-8 Dell Encryption Key Mgr User's Guide Refer to "Automatically Update Tape Drive Table" on page 2-4 for information about alias requirements. addkeygroup -groupID groupname -groupID The unique...the symmetric key) or a key group name for the tape drive. Example: addaliastogroup -aliasID aliasname -sourceGroupID keygroup1 -targetGroupID keygroup2 adddrive Add a new drive to a specific key group ID.
... -rec1 alias] [-rec2 alias][-symrec alias] -drivename drivename specifies the 12-digit serial number of the drive to be added. addkeygroupalias -alias aliasname -groupID groupname 5-8 Dell Encryption Key Mgr User's Guide Refer to "Automatically Update Tape Drive Table" on page 2-4 for information about alias requirements. addkeygroup -groupID groupname -groupID The unique...the symmetric key) or a key group name for the tape drive. Example: addaliastogroup -aliasID aliasname -sourceGroupID keygroup1 -targetGroupID keygroup2 adddrive Add a new drive to a specific key group ID.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 67
... all available data for the mycert alias if it exists in the specified keystore. -alias alias specifies a specific certificate to list. -verbose|-v Display more information about the certificate(s). listcerts [-alias alias -verbose |-v] -alias alias specifies a specific certificate to be taken. listdrives [-drivename drivename ] Chapter 5. -url urlname specifies the location from which the...
... all available data for the mycert alias if it exists in the specified keystore. -alias alias specifies a specific certificate to list. -verbose|-v Display more information about the certificate(s). listcerts [-alias alias -verbose |-v] -alias alias specifies a specific certificate to be taken. listdrives [-drivename drivename ] Chapter 5. -url urlname specifies the location from which the...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 90
... settings in the memory queue. This parameter is zero. the default is optional but recommended. Examples An example specification for this configuration value is: Audit.event.types=all Another example is: Audit.event.types=authentication;runtime;resource_management Audit... operations, or both should be audited. configuration_management resource_management Events that occur as configuration changes are changed Examples An example specification for events to indicate whether events occurring as a result of unsuccessful operations. Example Audit.eventQueue.max=8 Audit.handler....
... settings in the memory queue. This parameter is zero. the default is optional but recommended. Examples An example specification for this configuration value is: Audit.event.types=all Another example is: Audit.event.types=authentication;runtime;resource_management Audit... operations, or both should be audited. configuration_management resource_management Events that occur as configuration changes are changed Examples An example specification for events to indicate whether events occurring as a result of unsuccessful operations. Example Audit.eventQueue.max=8 Audit.handler....
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 92
... audit log, allowing the current thread of execution (operation) to continue without waiting for a single audit record contains a closing right 7-4 Dell Encryption Key Mgr User's Guide Subsequent lines associated with information specific to complete. This value is shown here: AuditRecordType:[ timestamp=timestamp Attribute Name=Attribute Value ... ] Each record spans multiple lines in...
... audit log, allowing the current thread of execution (operation) to continue without waiting for a single audit record contains a closing right 7-4 Dell Encryption Key Mgr User's Guide Subsequent lines associated with information specific to complete. This value is shown here: AuditRecordType:[ timestamp=timestamp Attribute Name=Attribute Value ... ] Each record spans multiple lines in...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 103
...available for Secure Socket Layer client operations such as a Java.util.Properties load file, which imposes certain restrictions on the format and specification of a line. B-1 To stop the Encryption Key Manager server issue the stopekm command from this keystore. A cipher suite describes the... client presents to the end of a line may appear in quotation marks. Therefore, be used for download at http://support.dell.com in the Encryption Key Manager server configuration file (KeyManagerConfig.properties). Admin.ssl.ciphersuites = value Specifies the cipher suites to be...
...available for Secure Socket Layer client operations such as a Java.util.Properties load file, which imposes certain restrictions on the format and specification of a line. B-1 To stop the Encryption Key Manager server issue the stopekm command from this keystore. A cipher suite describes the... client presents to the end of a line may appear in quotation marks. Therefore, be used for download at http://support.dell.com in the Encryption Key Manager server configuration file (KeyManagerConfig.properties). Admin.ssl.ciphersuites = value Specifies the cipher suites to be...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 108
...symmetric key aliases and key groups to be used each time getKey is called from the KeyGroups.xml for the list of symmetric keys.Each specification of keyAliasList contains either a value for keyAlias or keyAliasRange. A readme file included on one or more values for keyAliasList. Required Optional. ... Values Specify one value for GroupID or one line and contain no alias is specified for the tape drive. If more installation details. B-6 Dell Encryption Key Mgr User's Guide After the installation is done, you specify a valid GroupID, the last key used in the Key Groups XML...
...symmetric key aliases and key groups to be used each time getKey is called from the KeyGroups.xml for the list of symmetric keys.Each specification of keyAliasList contains either a value for keyAlias or keyAliasRange. A readme file included on one or more values for keyAliasList. Required Optional. ... Values Specify one value for GroupID or one line and contain no alias is specified for the tape drive. If more installation details. B-6 Dell Encryption Key Mgr User's Guide After the installation is done, you specify a valid GroupID, the last key used in the Key Groups XML...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 113
...private key/certificate pair must still be specified. For library-managed encryption, the applications need NOT be running . This is a URL specification and is transparent at the other layers. No, the Encryption Key Manager does not perform any Certificate Revocation List (CRL) checking? ...perform any CRL checking What happens when the certificate being used , the encryption is not what people normally expect for a directory structure specification Must I still include the ″config.drivetable.file.url = FILE:/filename″ parameter in Windows. It does not matter to ...
...private key/certificate pair must still be specified. For library-managed encryption, the applications need NOT be running . This is a URL specification and is transparent at the other layers. No, the Encryption Key Manager does not perform any Certificate Revocation List (CRL) checking? ...perform any CRL checking What happens when the certificate being used , the encryption is not what people normally expect for a directory structure specification Must I still include the ″config.drivetable.file.url = FILE:/filename″ parameter in Windows. It does not matter to ...
Dell PowerVault TL2000/TL4000 - Important Information
Page 8
... functionality, the user needs to power cycle the specific drive that the EKM server be the same as the original EKM. For instructions on running Key path diagnostics, see the Dell PowerVault TL2000/TL4000 User's Guide on the Dell Support website at support.dell.com. 8 Important Information e Replace the secondary.... b Install the EKM application following items must be set with the files from the primary EKM server (located in the Dell PowerVault Encryption Key Manager Quick Start Guide. To set up It is recommended to run Key path diagnostics to ensure proper library and EKM...
... functionality, the user needs to power cycle the specific drive that the EKM server be the same as the original EKM. For instructions on running Key path diagnostics, see the Dell PowerVault TL2000/TL4000 User's Guide on the Dell Support website at support.dell.com. 8 Important Information e Replace the secondary.... b Install the EKM application following items must be set with the files from the primary EKM server (located in the Dell PowerVault Encryption Key Manager Quick Start Guide. To set up It is recommended to run Key path diagnostics to ensure proper library and EKM...
Dell Model TL2000/TL4000 Tape Library- User's Guide
Page 7
... Data Transfer Rate 1-8 Ultrium Tape Drives 1-8 Speed Matching 1-10 Channel Calibration 1-10 Power Management 1-10 Media 1-10 Library Specifications 1-11 Product Environment 1-13 Supported Device Drivers 1-13 Chapter 2. Installation and Configuration 4-1 Using the Library Configuration Form . .... ONLY 4-3 Removing and Storing the Shipping Lock . . . 4-4 Rackmounting the Library (for Common Library Features iii Contacting Dell iii Figures vii Tables xi Safety and Environmental Notices . . User Interfaces 2-1 Operator Control Panel 2-1 Operator Control Panel Philosophy...
... Data Transfer Rate 1-8 Ultrium Tape Drives 1-8 Speed Matching 1-10 Channel Calibration 1-10 Power Management 1-10 Media 1-10 Library Specifications 1-11 Product Environment 1-13 Supported Device Drivers 1-13 Chapter 2. Installation and Configuration 4-1 Using the Library Configuration Form . .... ONLY 4-3 Removing and Storing the Shipping Lock . . . 4-4 Rackmounting the Library (for Common Library Features iii Contacting Dell iii Figures vii Tables xi Safety and Environmental Notices . . User Interfaces 2-1 Operator Control Panel 2-1 Operator Control Panel Philosophy...
Dell Model TL2000/TL4000 Tape Library- User's Guide
Page 8
...Flags . . . . . A-1 4U Library I /O Slot, Storage Slots and Drive Slot Element Addresses and Physical Locations . . . Accessibility H-1 Glossary I-1 Index X-1 vi Dell PowerVault TL2000 Tape Library and TL4000 Tape Library User's Guide Using Ultrium Media . . . . 6-1 Data Cartridges 6-1 Cartridge Compatibility 6-2 WORM (Write Once, Read Many 6-3 WORM Media 6-3 ... 6-7 Provide Proper Acclimation and Environmental Conditions 6-8 Perform a Thorough Inspection 6-8 Handle the Cartridge Carefully 6-9 Environmental and Shipping Specifications for Tape Cartridges 6-9 Chapter 7.
...Flags . . . . . A-1 4U Library I /O Slot, Storage Slots and Drive Slot Element Addresses and Physical Locations . . . Accessibility H-1 Glossary I-1 Index X-1 vi Dell PowerVault TL2000 Tape Library and TL4000 Tape Library User's Guide Using Ultrium Media . . . . 6-1 Data Cartridges 6-1 Cartridge Compatibility 6-2 WORM (Write Once, Read Many 6-3 WORM Media 6-3 ... 6-7 Provide Proper Acclimation and Environmental Conditions 6-8 Perform a Thorough Inspection 6-8 Handle the Cartridge Carefully 6-9 Environmental and Shipping Specifications for Tape Cartridges 6-9 Chapter 7.
Dell Model TL2000/TL4000 Tape Library- User's Guide
Page 13
... Library Status page elements . . . . . 5-37 Drive Status page elements 5-38 Configure Library: General page elements 5-44 Configure Library: Specific page elements 5-44 5-12. 6-1. 6-2. 6-3. 6-4. 6-5. 7-1. 7-2. 8-1. 8-2. 8-3. 10-1. A-3. A-2. Minimum Firmware Levels for common Library features...storage capacity and data transfer rate 1-8 Physical Specifications 1-11 Power Specifications 1-11 Operation Specifications: Ultrium 5 1-11 Operation Specifications: Ultrium 4 1-11 Operation Specifications: Ultrium 3 1-12 Environmental Specifications . . . . . 1-12 Host Drive...
... Library Status page elements . . . . . 5-37 Drive Status page elements 5-38 Configure Library: General page elements 5-44 Configure Library: Specific page elements 5-44 5-12. 6-1. 6-2. 6-3. 6-4. 6-5. 7-1. 7-2. 8-1. 8-2. 8-3. 10-1. A-3. A-2. Minimum Firmware Levels for common Library features...storage capacity and data transfer rate 1-8 Physical Specifications 1-11 Power Specifications 1-11 Operation Specifications: Ultrium 5 1-11 Operation Specifications: Ultrium 4 1-11 Operation Specifications: Ultrium 3 1-12 Environmental Specifications . . . . . 1-12 Host Drive...