Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 4
...backup data is to Locate the Correct Host IP Address 4 a14m0250 Backup Critical Files Window 5. Enter the default user name EKMAdmin and the default password changeME. Click Login. How to be saved. Figure 4. Figure 3. Select Server Health Monitor in the ...background. 6. a14m0251 4. A backup window (Figure 3) displays reminding you to verify that the Encryption Key Manager server is launched in the GUI navigator to back up . User Login Page The Dell...
...backup data is to Locate the Correct Host IP Address 4 a14m0250 Backup Critical Files Window 5. Enter the default user name EKMAdmin and the default password changeME. Click Login. How to be saved. Figure 4. Figure 3. Select Server Health Monitor in the ...background. 6. a14m0251 4. A backup window (Figure 3) displays reminding you to verify that the Encryption Key Manager server is launched in the GUI navigator to back up . User Login Page The Dell...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 5
...regular basis. Login to /var/ekm and enter startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" in the Dell Encryption Key Manager User's Guide for 5 years. Identify the SSL port by accessing the network configuration. Method 2: Set up Encryption Key ...made on the Encryption Key Manager server using the following command: exit Close the command window. b. c. If you previously changed the default password use your library-managed encryption settings. v On Windows, navigate to cd c:\ekm and click startClient.bat v On Linux platforms, navigate...
...regular basis. Login to /var/ekm and enter startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" in the Dell Encryption Key Manager User's Guide for 5 years. Identify the SSL port by accessing the network configuration. Method 2: Set up Encryption Key ...made on the Encryption Key Manager server using the following command: exit Close the command window. b. c. If you previously changed the default password use your library-managed encryption settings. v On Windows, navigate to cd c:\ekm and click startClient.bat v On Linux platforms, navigate...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 39
... Client" on page 3-12 for importing and exporting keys between different keystores. Keytool is displayed. 4. The alias enables you previously changed the default password use in is especially useful for details. v On Windows, navigate to cd c:\ekm and click startClient.bat v On Linux platforms, navigate ... /var/ekm and enter startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is the port used to a CLI client on the Encryption Key Manager server using the following command: exit Close the...
... Client" on page 3-12 for importing and exporting keys between different keystores. Keytool is displayed. 4. The alias enables you previously changed the default password use in is especially useful for details. v On Windows, navigate to cd c:\ekm and click startClient.bat v On Linux platforms, navigate ... /var/ekm and enter startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is the port used to a CLI client on the Encryption Key Manager server using the following command: exit Close the...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 54
... the password of the keystore created in KeyManagerConfig.properties, the Encryption Key Manager will prompt for Encryption on LTO 4 and LTO 5" on page 3-9.) Take note of the names given to be done against the local operating system 4-4 Dell Encryption ...Key Mgr User's Guide e. A value of true allows new tape drives that are known to be added or omitted. When specifying a fully-qualified path name in step 1. specify the path and filename of the keystore created in the command window, use Windows, edit the file with key aliases. The default...
... the password of the keystore created in KeyManagerConfig.properties, the Encryption Key Manager will prompt for Encryption on LTO 4 and LTO 5" on page 3-9.) Take note of the names given to be done against the local operating system 4-4 Dell Encryption ...Key Mgr User's Guide e. A value of true allows new tape drives that are known to be added or omitted. When specifying a fully-qualified path name in step 1. specify the path and filename of the keystore created in the command window, use Windows, edit the file with key aliases. The default...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 55
... Server" on page 5-1 for details. 10. "Authenticating CLI Client Users" on page 5-5 contains more information, see the readme file at http://support.dell.com or on page 5-5 for details. 9. If you specified drive.acceptUnknownDrives = false in step 4(i), configure a drive by # listdrives -drivename 000001365054 ...successfully added. Chapter 4. If unspecified (or set to EKM) the default is to have the CLI client user login to the key manager server using usr/passwd as EKMAdmin/changeME. (This password can be changed with the chgpasswd command.) When the Server.authMechanism property...
... Server" on page 5-1 for details. 10. "Authenticating CLI Client Users" on page 5-5 contains more information, see the readme file at http://support.dell.com or on page 5-5 for details. 9. If you specified drive.acceptUnknownDrives = false in step 4(i), configure a drive by # listdrives -drivename 000001365054 ...successfully added. Chapter 4. If unspecified (or set to EKM) the default is to have the CLI client user login to the key manager server using usr/passwd as EKMAdmin/changeME. (This password can be changed with the chgpasswd command.) When the Server.authMechanism property...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 61
...recommended). 3. To issue CLI commands you can manage the Encryption Key Manager server For local OS-based authentication on page 5-9.) The default setting for the Encryption Key Manager server match the OS user account. When the Server.authMechanism property value is done against the ... Could not remove EKMServer. If this exact format Server.authMechanism=LocalOS. 4. Administering the Encryption Key Manager 5-5 is used with OS user/password. Error 0. Once the service is installed using the command above, EKMServer will appear in this string is EKM. The Command Line Interface...
...recommended). 3. To issue CLI commands you can manage the Encryption Key Manager server For local OS-based authentication on page 5-9.) The default setting for the Encryption Key Manager server match the OS user account. When the Server.authMechanism property value is done against the ... Could not remove EKMServer. If this exact format Server.authMechanism=LocalOS. 4. Administering the Encryption Key Manager 5-5 is used with OS user/password. Error 0. Once the service is installed using the command above, EKMServer will appear in this string is EKM. The Command Line Interface...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 62
... java_install_path/IBMJava-i386-60 for details. The Encryption Key Manager client can start the Encryption Key Manager server. When using the default JSSE configuration of no client authentication, the certificates in the TransportListener.ssl.truststore. These certificates must be set to your choice....http://support.dell.com provides more installation details. This allows the Encryption Key Manager CLI Client to use SSL to cd c:\ekm\ekmclient and click startClient.bat 5-6 Dell Encryption Key Mgr User's Guide You can now login with OS-based user/password. Regardless ...
... java_install_path/IBMJava-i386-60 for details. The Encryption Key Manager client can start the Encryption Key Manager server. When using the default JSSE configuration of no client authentication, the certificates in the TransportListener.ssl.truststore. These certificates must be set to your choice....http://support.dell.com provides more installation details. This allows the Encryption Key Manager CLI Client to use SSL to cd c:\ekm\ekmclient and click startClient.bat 5-6 Dell Encryption Key Mgr User's Guide You can now login with OS-based user/password. Regardless ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 63
... command window or shell, enter: java com.ibm.keymanager.KMSAdminCmd ClientConfig.properties_name -listdrives -ekmuser EKMAdmin -ekmpassword changeME (This password can run the commands interactively from a command-line interface client, which includes the following : login -ekmuser EKMAdmin -ekmpassword...com.ibm.keymanager.KMSAdminCmd CLIconfiglfile_name -i The # prompt appears. For example, clifile might contain the following commands. By default, the Encryption Key Manager server closes the communication socket with chgpasswd command.) The command will execute and the client session...
... command window or shell, enter: java com.ibm.keymanager.KMSAdminCmd ClientConfig.properties_name -listdrives -ekmuser EKMAdmin -ekmpassword changeME (This password can run the commands interactively from a command-line interface client, which includes the following : login -ekmuser EKMAdmin -ekmpassword...com.ibm.keymanager.KMSAdminCmd CLIconfiglfile_name -i The # prompt appears. For example, clifile might contain the following commands. By default, the Encryption Key Manager server closes the communication socket with chgpasswd command.) The command will execute and the client session...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 65
... aliasname -groupID The unique groupname used to identify the group in the KeyGroup XML file. createkeygroup -password password -password The password that replaces the previous password. Equivalent commands are deldrive and removedrive. Example: delgroupalias -groupID keygroup1 -alias aliasname Chapter 5. Example:...: addkeygroupalias -alias aliasname -groupID keygroup1 chgpasswd Change the CLI client's user (EKMAdmin) default password. Example: createkeygroup -password password deletedrive Delete a drive from a key group. Therefore no key in the KeyGroups.xml file is used ...
... aliasname -groupID The unique groupname used to identify the group in the KeyGroup XML file. createkeygroup -password password -password The password that replaces the previous password. Equivalent commands are deldrive and removedrive. Example: delgroupalias -groupID keygroup1 -alias aliasname Chapter 5. Example:...: addkeygroupalias -alias aliasname -groupID keygroup1 chgpasswd Change the CLI client's user (EKMAdmin) default password. Example: createkeygroup -password password deletedrive Delete a drive from a key group. Therefore no key in the KeyGroups.xml file is used ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 71
...because it has no way to determine the cause of this file is installed as a Windows Service and the keystore passwords in the KeyManagerConfig.properties file are created in KeyManagerConfig.properties, the Encryption Key Manager Server configuration properties file: - ...Key Manager will contain entries similar to the following: native_stdout.log Server initialized Default keystore failed to load native_stderr.log at com.ibm.keymanager.KeyManagerException: Default keystore failed to load at com.ibm.keymanager.keygroups.KeyGroupManager.loadDefaultKeyStore(KeyGroupManager.java:...
...because it has no way to determine the cause of this file is installed as a Windows Service and the keystore passwords in the KeyManagerConfig.properties file are created in KeyManagerConfig.properties, the Encryption Key Manager Server configuration properties file: - ...Key Manager will contain entries similar to the following: native_stdout.log Server initialized Default keystore failed to load native_stderr.log at com.ibm.keymanager.KeyManagerException: Default keystore failed to load at com.ibm.keymanager.keygroups.KeyGroupManager.loadDefaultKeyStore(KeyGroupManager.java:...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 72
... permission to access and modify the file. JSSE will not use to Appendix B, Default Configuration File, for more information about authentication. See the readme included with . 1....to communicate with the EKMServiceAndSamples package for information on specifying the debug property. 6-2 Dell Encryption Key Mgr User's Guide Issue netstat -an from the EKMServicesAndSamples package has not... manager involve configuration or starting the key manager server. Ensure the TransportListener.ssl.keystore.password in the server properties. 2. v The EKM CLI client properties file is not...
... permission to access and modify the file. JSSE will not use to Appendix B, Default Configuration File, for more information about authentication. See the readme included with . 1....to communicate with the EKMServiceAndSamples package for information on specifying the debug property. 6-2 Dell Encryption Key Mgr User's Guide Issue netstat -an from the EKMServicesAndSamples package has not... manager involve configuration or starting the key manager server. Ensure the TransportListener.ssl.keystore.password in the server properties. 2. v The EKM CLI client properties file is not...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 103
... Sample configuration properties files are available for Secure Socket Layer client operations such as passwords, that the Secure Sockets client presents to value of properties: v Configuration properties are... the name of the database of a property value. Therefore, be lost at http://support.dell.com in the file. A cipher suite describes the cryptographic algorithms and handshake protocols Transport Layer... on the format and specification of config.keystore.file property. Required Optional. Default JSSE_ALL Admin.ssl.keystore.name = value This is treated and parsed as ...
... Sample configuration properties files are available for Secure Socket Layer client operations such as passwords, that the Secure Sockets client presents to value of properties: v Configuration properties are... the name of the database of a property value. Therefore, be lost at http://support.dell.com in the file. A cipher suite describes the cryptographic algorithms and handshake protocols Transport Layer... on the format and specification of config.keystore.file property. Required Optional. Default JSSE_ALL Admin.ssl.keystore.name = value This is treated and parsed as ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 104
.... 0 means no timeout Default 1 Admin.ssl.truststore.name...Type of keystore used . Default jceks Audit.event.outcome = value Only audit events that the.... Recommended. Values SSL_TLS | SSL | TLS Default SSL_TLS Admin.ssl.timeout = value Specifies how...command. Required Optional. Required Optional. Required Optional. Required Optional. Default success Audit.event.Queue.max = 0 The maximum number of event... for this property is named 'Admin.ssl.keystore.password.obfuscated.' Defaults to access Admin.ssl.keystore.name Required Optional. Admin.ssl.keystore....
.... 0 means no timeout Default 1 Admin.ssl.truststore.name...Type of keystore used . Default jceks Audit.event.outcome = value Only audit events that the.... Recommended. Values SSL_TLS | SSL | TLS Default SSL_TLS Admin.ssl.timeout = value Specifies how...command. Required Optional. Required Optional. Required Optional. Required Optional. Default success Audit.event.Queue.max = 0 The maximum number of event... for this property is named 'Admin.ssl.keystore.password.obfuscated.' Defaults to access Admin.ssl.keystore.name Required Optional. Admin.ssl.keystore....
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 106
...to specified location. Path to access config.keystore.file. When specified, the value for this property is named 'config.keystore.password.obfuscated.' B-4 Dell Encryption Key Mgr User's Guide Audit.metadata.file.size = 1024 Specifies the maximum file size, specified in the properties file ...the name of the Encryption Key Manager. Required Yes. Recommended. Default jceks debug = value Enables debug for additional security and the stanza name itself in KB, the XML metadata file may be used. Default none debug.output = value Routes debug output to be replaced ...
...to specified location. Path to access config.keystore.file. When specified, the value for this property is named 'config.keystore.password.obfuscated.' B-4 Dell Encryption Key Mgr User's Guide Audit.metadata.file.size = 1024 Specifies the maximum file size, specified in the properties file ...the name of the Encryption Key Manager. Required Yes. Recommended. Default jceks debug = value Enables debug for additional security and the stanza name itself in KB, the XML metadata file may be used. Default none debug.output = value Routes debug output to be replaced ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 107
...from http://support.dell.com and extract the files to your platformto java_home/jre/bin. Appendix B. drive.acceptUnknownDrives = value Automatically adds new drive contacting the Encryption Key Manager to the server with local/remote clients. This setting in combination with a valid drive.default.alias1 setting ... environments, copy the LocalOS-setup/ linux_ia32/libjaasauth.so file to the server using usr/passwd as EKMAdmin/changeME. (This password can create. For Windows platforms this file is set to EKM, the CLI client user must login to drive table Required Yes.
...from http://support.dell.com and extract the files to your platformto java_home/jre/bin. Appendix B. drive.acceptUnknownDrives = value Automatically adds new drive contacting the Encryption Key Manager to the server with local/remote clients. This setting in combination with a valid drive.default.alias1 setting ... environments, copy the LocalOS-setup/ linux_ia32/libjaasauth.so file to the server using usr/passwd as EKMAdmin/changeME. (This password can create. For Windows platforms this file is set to EKM, the CLI client user must login to drive table Required Yes.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 108
...of keyAliasList contains either a value for keyAlias or keyAliasRange. If not, a KeyManageException is running, and which the server is returned. B-6 Dell Encryption Key Mgr User's Guide Note that only user ID allowed to login and submit commands to prime the list of symmetric keys and... than one or more installation details. The Encryption Key Manager client can start the Encryption Key Manager server. Values EKM | LocalOS Default EKM Server.password = value Internal property. Do not edit. GroupID specifies a key group name to the server is the user ID under which also...
...of keyAliasList contains either a value for keyAlias or keyAliasRange. If not, a KeyManageException is running, and which the server is returned. B-6 Dell Encryption Key Mgr User's Guide Note that only user ID allowed to login and submit commands to prime the list of symmetric keys and... than one or more installation details. The Encryption Key Manager client can start the Encryption Key Manager server. Values EKM | LocalOS Default EKM Server.password = value Internal property. Do not edit. GroupID specifies a key group name to the server is the user ID under which also...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 110
... clients and servers. TransportListener.ssl.truststore.type = jceks Required Optional. The default TCP port number is named 'TransportListener.ssl.keystore.password.obfuscated.' Required Optional. Values JCEKS TransportListener.ssl.port = value Port the ...Default 1 TransportListener.ssl.truststore.name = value The name of the database of public keys and signed certificates used by the Encryption Key Manager Client to talk to access TransportListener.ssl.keystore.name. Value Specified in the CLI client configuration properties file. Required Yes. B-8 Dell...
... clients and servers. TransportListener.ssl.truststore.type = jceks Required Optional. The default TCP port number is named 'TransportListener.ssl.keystore.password.obfuscated.' Required Optional. Values JCEKS TransportListener.ssl.port = value Port the ...Default 1 TransportListener.ssl.truststore.name = value The name of the database of public keys and signed certificates used by the Encryption Key Manager Client to talk to access TransportListener.ssl.keystore.name. Value Specified in the CLI client configuration properties file. Required Yes. B-8 Dell...
Dell Encryption Key Manager and Library Managed Encryption - Best Practices and FAQ
Page 10
...listed in the existing EKM: group name, number of keys, key store name, and key store password. 10 Dell Encryption Key Manager and Library Managed Encryption c After the EKM is successfully migrated, the original EKM... EKM 2.1 settings must match: group name, number of keys, key store name, and key store password. the following settings in that the new operating system is no upgrade process for EKM. Choose the ...an existing EKM on EKM 2.1. b Follow the procedure in the default directory at c:\ekm\backup. Perform step 7 to EKM version 2.1, migrate the EKM application.
...listed in the existing EKM: group name, number of keys, key store name, and key store password. 10 Dell Encryption Key Manager and Library Managed Encryption c After the EKM is successfully migrated, the original EKM... EKM 2.1 settings must match: group name, number of keys, key store name, and key store password. the following settings in that the new operating system is no upgrade process for EKM. Choose the ...an existing EKM on EKM 2.1. b Follow the procedure in the default directory at c:\ekm\backup. Perform step 7 to EKM version 2.1, migrate the EKM application.
Dell Encryption Key Manager and Library Managed Encryption - Best Practices and FAQ
Page 19
... In a primary and redundant EKM configuration, this string is the default directory). 2 Open the file with the text editor of your user name and password for the TL2000/TL4000 from the Dell Support website at support.dell.com. 2 Locate the LocalOS directory in the download. By default, the EKM CLI client is WordPad. 3 Locate the Server...
... In a primary and redundant EKM configuration, this string is the default directory). 2 Open the file with the text editor of your user name and password for the TL2000/TL4000 from the Dell Support website at support.dell.com. 2 Locate the LocalOS directory in the download. By default, the EKM CLI client is WordPad. 3 Locate the Server...
Dell Model TL24iSCSIxSAS 1Gb iSCSI to SAS - User's Guide
Page 19
..., the iSCSI bridge has a Graphical User Interface (GUI) that can be accessed via any web browser. 7.1 Initial set up Connect the iSCSI bridge to the Dell PowerVault drives and the network as described in the previous sections and power up (see the entry page shown below. Once you have connected to the... IP-address 10.10.10.10 Depending on the machine you will see Appendix A and B for the first time, it may be displayed. If the password is necessary to SAS User's Guide Rev.C Page 17 Figure 13 Login page Enter the default password - admin.
..., the iSCSI bridge has a Graphical User Interface (GUI) that can be accessed via any web browser. 7.1 Initial set up Connect the iSCSI bridge to the Dell PowerVault drives and the network as described in the previous sections and power up (see the entry page shown below. Once you have connected to the... IP-address 10.10.10.10 Depending on the machine you will see Appendix A and B for the first time, it may be displayed. If the password is necessary to SAS User's Guide Rev.C Page 17 Figure 13 Login page Enter the default password - admin.