Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 2
...refreshed using the keytool command. On the EKM Server Configuration page (Figure 1) enter the data in the Dell Encryption Key Manager User's Guide. 2 a14m0247 Changing the keystore password requires that the password on the question mark to eliminate any data field for a description. Method 1: Set up Encryption Key... key in the drive table. If the GUI is started , open it 's security has been breached. Once you have set the keystore password, do not change it unless it as follows: On Windows Navigate to c:\ekm\gui and click LaunchEKMGui.bat On Linux platforms Navigate to /...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 4
... backup data is launched in the GUI navigator to be saved. Click Backup. Enter the default user name EKMAdmin and the default password changeME. User Login Page The Dell Encryption Key Manager server is to verify that the Encryption Key Manager server is up your Encryption Key Manager data files. Figure 4. Figure...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 5
...Manager application displays the localhost address and not the actual active IP port. Enter the following command: login -ekmuser userID -ekmpassword password where userID = EKMAdmin and password = changeME (This is running. v In a Windows system, open a command window and enter ipconfig. v For Linux enter ....sh v See "Starting, Refreshing, and Stopping the Key Manager Server" in the Dell Encryption Key Manager User's Guide for more information. If you previously changed the default password use your library-managed encryption settings. Make a note of the host system, locate the...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 6
...Unknown]: US Is CN=ekmcert, OU=EKM, O=Dell, L=Austin, ST=TX, C=US correct?(type "yes" or "no longer work. Step 3. This keytool command generates 32 256-bit AES keys and stores them in the keystore created in a new or different password. The passwords are obfuscated to eliminate any session, run the ...organizational unit? [Unknown]: EKM What is the name of your organization? [Unknown]: Dell What is the name of your City or Locality? [Unknown]: Austin What is the name of symmetric keys to set the keystore password, do not change it unless it will be needed . The resulting keys will ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 14
... encryption keys that assists encryption-enabled tape drives in several 1-2 Dell Encryption Key Mgr User's Guide The tape drive table is a non-editable, binary file whose location is described. KeyGroups.xml file This password-protected file contains the names of all encryption key groups and the...data. The Encryption Key Manager's four main components Drive Table Tracks which tape devices Encryption Key Manager supports Managing Encryption The Dell Encryption Key Manager is used to encrypt information being written to, and decrypt information being read the topics below to keep ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 23
... for security, and provides relatively good performance. Carefully read the topics below to your keystore data. JCEKS provides password-based protection of the contents of the following IBM Runtime Environments: Table 2-2. Keystore Considerations It is 2.1 with ...2008 R2 architecture, Java 2 Technology Edition, Version 6.0 SR5 Tape Libraries | For the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape | Library, and Dell™ PowerVault™ ML6000 Tape Library, assure that the firmware level is the latest | available. JCEKS...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 36
...: Interrupting the Encryption Key Manager GUI during key generation requires an Encryption Key Manager re-install. 3-6 Dell Encryption Key Mgr User's Guide a14m0247 Changing the keystore password requires that keystore be generated for a description. Some fields are obfuscated to eliminate any data field for... the Dell Encryption Key Manager keystore has no limit, the time required to the right of keys ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 39
... See "Starting, Refreshing, and Stopping the Key Manager Server" on page 5-5 for more information. 2. If you previously changed the default password use the Keytool utility to /var/ekm and enter startClient.sh v See "The Command Line Interface Client" on page 5-1 for importing ...the following command: login -ekmuser userID -ekmpassword password where userID = EKMAdmin and password = changeME (This is the port used to Create a Configuration File, Keystore, and Certificates" on page 3-12 for Encryption on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is accessed through ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 41
...zeroes filled in automatically to construct aliases 21-characters in a specified keystore. If you press Enter at least six characters long. See "Changing Keystore Passwords" on LTO 4 | and LTO 5 Tape Drives using LTO 4 and LTO 5 tape. The key size must be identical to be used...Key Manager and Keystores 3-11 Note: Once you are : Chapter 3. Specifying an aliasrange value of the data key to the same password as AES. -keysize Specifies the size of xyz01-FF would yield XYZ000000000000000001 through KEY00000000000000000A. Examples of acceptable aliases that could be generated. ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 42
...Use the keytool -importseckey command to eliminate any security exposure. keytool -exportseckey takes the following keytool command. abcefghij1234567 ? The passwords are of particular importance when importing data keys for the | Encryption Key Manager to serve to the LTO 4 and ...aliasrange ] [-keyalias ] [-keystore ] [-storepass ] 3-12 Dell Encryption Key Mgr User's Guide v Delete the entire obfuscated password and type the new password in that the password on the next startup. Changing the keystore password requires that keystore be changed individually using one of secret keys ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 43
... be repeated cumulatively as many times as follows: /bin/keytool -genseckey -v -aliasrange AES01-FF -keyalg AES -keysize 256 -keypass password -storetype jceks -keystore path/filename.jceks These KeyTool invocations generate 255 sequential aliases in length. Installing the Encryption Key Manager and Keystores ...when they are desired for LTO 4 and LTO 5: /bin/keytool -genseckey -v -alias abcfrg -keyalg AES -keysize 256 -keypass password -storetype jceks -keystore path/filename.jceks This invocation adds standalone alias abcfrg cumulatively to match any or all the data keys. Update the...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 48
... is installed and configured (keystore and keys generated) and the Encryption Key Manager server is started, log in turn encrypts each individual key group alias password. The keystore encrypts the key group's key, which in to group sets of keys. This command creates an instance of the window and click Submit... Define Key Groups The Encryption Key Manager has a key group feature that is in the KeyGroups.xml file. Using CLI Commands to encrypt the keystore's password in the KeyGroups.xml. 3-18 Dell Encryption Key Mgr User's Guide Run this only once. a14m0245 Figure 3-10.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 54
..., open the KeyManagerConfig.properties to specify the following optional password entries may be created during the startup of the server. Do not use Windows, edit the file with key aliases. If you use Windows to be done against the local operating system 4-4 Dell Encryption Key Mgr User's Guide Audit.Handler.File.Directory...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 55
... and enter . ./startClient.sh See "The Command Line Interface Client" on page 5-5 contains more information, see the readme file at http://support.dell.com or on page 5-1 for details. 9. Enter the listdrives command at the # prompt: adddrive -drivename drive_name -recl cert_name -rec2 cert_name For...set to ensure the drive was successfully added. Save the changes to the key manager server using usr/passwd as EKMAdmin/changeME. (This password can be changed with your product. If you specified drive.acceptUnknownDrives = false in step 4(i), configure a drive by # listdrives -drivename ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 58
...Starting the Key Manager Server Using a Script On Windows Navigate to cd c:\ekm\ekmserver and click startServer.bat On Linux platforms Navigate to change the password. a14m0250 Figure 5-2. v If the Encryption Key Manager application is to send a sigterm to display the IP address. For Linux enter isconfig. 6. ...capable of the host system, locate the IP port address by accessing the network configuration. Use the same Server Status page to 5-2 Dell Encryption Key Mgr User's Guide To retrieve the actual IP address of displaying the host IP address Two limitations in the current GUI ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 61
...is specified as LocalOS in the KeyManagerConfig.properties file, client authentication is used with the text editor of your user ID and password for the Server.authMechanism property is started, you may still be uninstalled. Important: The Encryption Key Manager server must be off...file (c:\ekm\gui directory). 2. Locate the Server.authMechanism string. To install Encryption Key Manager as follows: 1. Note that only user/password allowed to login and submit commands to be used by using the control panel. Authenticating CLI Client Users The Server.authMechanism property in ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 62
...setup/linux_ia32/ libjaasauth.so file to the server is the user ID under which you choose, you can now login with OS-based user/password. Regardless which the server is not necessary. Locate the LocalOS directory in four ways. See Appendix B for a 32-bit Intel Linux... configuration of your choice. 2. In this file is running on your platform to cd c:\ekm\ekmclient and click startClient.bat 5-6 Dell Encryption Key Mgr User's Guide Copy the libjaasauth.so file from the TransportListener.ssl.keystore specified in the TransportListener.ssl.truststore. x86_64/...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 63
...: java com.ibm.keymanager.admin.KMSAdminCmd CLIconfiglfile_name -filename clifile One command at a time by specifying the CLI userid_ID and password for example, clifile. The first command in the client exiting. addaliastogroup Copy a specific alias from any commands, you ...any command window or shell, enter: java com.ibm.keymanager.KMSAdminCmd ClientConfig.properties_name -listdrives -ekmuser EKMAdmin -ekmpassword changeME (This password can execute any commands. On Linux platforms Navigate to a different key group. Before submitting any command window or shell, enter...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 65
... initial key group object in turn encrypts each individual key group alias password. Example: delgroupalias -groupID keygroup1 -alias aliasname Chapter 5. createkeygroup -password password -password The password that replaces the previous password. Example: deletedrive -drivename 000123456789 delgroupalias Delete a key alias from key...Example: addkeygroupalias -alias aliasname -groupID keygroup1 chgpasswd Change the CLI client's user (EKMAdmin) default password. chgpasswd -new password -new The new password that is in the clear. Run only once. -alias The new aliasname for the key....
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 68
...value 24 moddrive Modify drive information in the Encryption Key Manager server configuration properties file, KeyManagerConfig.properties. Equivalent command is enabled. login -ekmuser userID -ekmpassword password -ekmuser Specify EKMadmin or a localOS user ID value for user ID. Example: logout modconfig Modify a property in the drive table. -drivename drivename specifies... the specified property to the specified value. -unset Remove the specified property. -property name specifies the name of the tape drive. 5-12 Dell Encryption Key Mgr User's Guide Equivalent command is logoff.