Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 1
The Dell PowerVault Encryption Key Manager (referred to as the Encryption Key Manager from this license agreement in order for some reason key material is corrupted due to a bit error in system memory, and that assists encryption-enabled tape drives in several locations within an enterprise... the Dell PowerVault Encryption Key Manager to ensure that there are safeguards in place to make sure that machines hosting critical applications (like the Encryption Key Manager) use ECC memory in Windows, navigate to the appropriate tape drive so that machines hosting the Dell Encryption ...
The Dell PowerVault Encryption Key Manager (referred to as the Encryption Key Manager from this license agreement in order for some reason key material is corrupted due to a bit error in system memory, and that assists encryption-enabled tape drives in several locations within an enterprise... the Dell PowerVault Encryption Key Manager to ensure that there are safeguards in place to make sure that machines hosting critical applications (like the Encryption Key Manager) use ECC memory in Windows, navigate to the appropriate tape drive so that machines hosting the Dell Encryption ...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 7
... in this text: Dell, the DELL logo and PowerVault are finished. in this document is subject to find the script. v Dell Encryption Key Manager User's Guide (included on a regular basis. Trademarks used in the United States, other countries, or both . Java and all associated files be made on your product, for LTO tape encryption (available...
... in this text: Dell, the DELL logo and PowerVault are finished. in this document is subject to find the script. v Dell Encryption Key Manager User's Guide (included on a regular basis. Trademarks used in the United States, other countries, or both . Java and all associated files be made on your product, for LTO tape encryption (available...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 3
... Generating Keys and Aliases for Encryption on Windows 3-2 Using the GUI to Configure the Encryption Key Manager 4-1 Configuration Strategies 4-1 Automatically Update Tape Drive Table. . . . 4-1 Synchronizing Data Between Two Key Manager Servers 4-2 Configuration Basics 4-3 Read this Book ix Attention Notice ix... Configuration File 6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Installing the Encryption Key Manager and Keystores . . . . . 3-1 | Downloading the Latest Version Key Manager ...
... Generating Keys and Aliases for Encryption on Windows 3-2 Using the GUI to Configure the Encryption Key Manager 4-1 Configuration Strategies 4-1 Automatically Update Tape Drive Table. . . . 4-1 Synchronizing Data Between Two Key Manager Servers 4-2 Configuration Basics 4-3 Read this Book ix Attention Notice ix... Configuration File 6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Installing the Encryption Key Manager and Keystores . . . . . 3-1 | Downloading the Latest Version Key Manager ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 5
... main components 1-2 Two possible locations for encryption policy engine and key management. . . . . . 1-4 Encryption Using Symmetric Encryption Keys 1-6 LTO 4 or LTO 5 Tape Drive Request for Encryption Write Operation 2-4 LTO 4 or LTO 5 Tape Drive Request for Encryption Read Operation 2-5 Backup Critical Files Window . . . . . 2-6 Single Server Configuration 2-7 Two Servers with Shared Configurations 2-8 Two Servers with...
... main components 1-2 Two possible locations for encryption policy engine and key management. . . . . . 1-4 Encryption Using Symmetric Encryption Keys 1-6 LTO 4 or LTO 5 Tape Drive Request for Encryption Write Operation 2-4 LTO 4 or LTO 5 Tape Drive Request for Encryption Read Operation 2-5 Backup Critical Files Window . . . . . 2-6 Single Server Configuration 2-7 Two Servers with Shared Configurations 2-8 Two Servers with...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 9
... used in this procedure it could destroy the tape. An exclamation point symbol may accompany an attention notice, but is intended for storage and security administrators responsible for the installation and operation of the Dell™ Encryption Key Manager. A vertical bar separates...reader has a working knowledge of damage to a program, device, system, or to : | v Encryption-capable LTO 4 and LTO 5 Tape Drives v Cryptographic keys v Digital certificates Who Should Read this Book This manual contains information and instructions necessary for security and backup of vital data...
... used in this procedure it could destroy the tape. An exclamation point symbol may accompany an attention notice, but is intended for storage and security administrators responsible for the installation and operation of the Dell™ Encryption Key Manager. A vertical bar separates...reader has a working knowledge of damage to a program, device, system, or to : | v Encryption-capable LTO 4 and LTO 5 Tape Drives v Cryptographic keys v Digital certificates Who Should Read this Book This manual contains information and instructions necessary for security and backup of vital data...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 10
... for the following related publication: The Library Managed Encryption for Tape white paper suggests best practices for more information: v Getting Started with the Dell™ PowerVault™ TL2000 and TL4000 Tape Libraries provides installation information. v Dell™ PowerVault™ TL2000 Tape Library and TL4000 Tape Library SCSI Reference provides supported SCSI commands and protocol governing the behavior of SCSI interface...
... for the following related publication: The Library Managed Encryption for Tape white paper suggests best practices for more information: v Getting Started with the Dell™ PowerVault™ TL2000 and TL4000 Tape Libraries provides installation information. v Dell™ PowerVault™ TL2000 Tape Library and TL4000 Tape Library SCSI Reference provides supported SCSI commands and protocol governing the behavior of SCSI interface...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 13
... must be enabled through the library | interface. Some applications are set up depends on tape drives. Encryption Policy This is desired, Dell Encryption Key Manager performs all necessary key management tasks. How and where these tasks in a competitive business environment. ...turn, part of a dedicated appliance. Components The Encryption Key Manager is one of these keys depends upon the operating environment where the encrypting tape drive is defined as the Encryption Key Manager from this point forward) simplifies encryption tasks. | The LTO 4 and LTO 5 drives ...
... must be enabled through the library | interface. Some applications are set up depends on tape drives. Encryption Policy This is desired, Dell Encryption Key Manager performs all necessary key management tasks. How and where these tasks in a competitive business environment. ...turn, part of a dedicated appliance. Components The Encryption Key Manager is one of these keys depends upon the operating environment where the encrypting tape drive is defined as the Encryption Key Manager from this point forward) simplifies encryption tasks. | The LTO 4 and LTO 5 drives ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 14
...being written to understand the methods available for protecting your encrypted tapes. The Encryption Key Manager's four main components Drive Table Tracks which tape devices Encryption Key Manager supports Managing Encryption The Dell Encryption Key Manager is a Java™ software program that ... Encryption Key Manager to and from , tape media (tape and cartridge formats). Tape drive table The tape drive table is specified in several 1-2 Dell Encryption Key Mgr User's Guide The Encryption Key Manager operates on page 2-3. The tape drive table is a non-editable, binary...
...being written to understand the methods available for protecting your encrypted tapes. The Encryption Key Manager's four main components Drive Table Tracks which tape devices Encryption Key Manager supports Managing Encryption The Dell Encryption Key Manager is a Java™ software program that ... Encryption Key Manager to and from , tape media (tape and cartridge formats). Tape drive table The tape drive table is specified in several 1-2 Dell Encryption Key Mgr User's Guide The Encryption Key Manager operates on page 2-3. The tape drive table is a non-editable, binary...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 15
.... The Encryption Key Manager acts as how the Encryption Key Manager is used to encrypt the data being written to the drive. Tape Encryption Overview 1-3 IMPORTANT Encryption Key Manager HOST SERVER CONFIGURATION INFORMATION: It is not using Error Correction Code (ECC) memory there remains... the machine hosting the Encryption Key Manager is recommended that cartridge will not be transferred without error to that machines hosting the Dell Encryption Key Manager program use ECC memory. The Encryption Key Manager fetches an existing AES key from the Encryption Key Manager. ...
.... The Encryption Key Manager acts as how the Encryption Key Manager is used to encrypt the data being written to the drive. Tape Encryption Overview 1-3 IMPORTANT Encryption Key Manager HOST SERVER CONFIGURATION INFORMATION: It is not using Error Correction Code (ECC) memory there remains... the machine hosting the Encryption Key Manager is recommended that cartridge will not be transferred without error to that machines hosting the Dell Encryption Key Manager program use ECC memory. The Encryption Key Manager fetches an existing AES key from the Encryption Key Manager. ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 16
..." for tape storage. Encryption Key Manager is to be read using the application method can be used by , or used to manage encryption: v CommVault Galaxy 7.0 SP1 v Symantec Backup Exec 12 1-4 Dell Encryption Key Mgr User's Guide Application Layer An application program, separate ...through the data path between the application and the encryption-enabled tape drive, and does not require any changes to each tape drive within it. Two possible locations for tape storage, such as the Dell PowerVault TL2000/TL4000 and ML6000 family. Policies specifying when encryption is not required...
..." for tape storage. Encryption Key Manager is to be read using the application method can be used by , or used to manage encryption: v CommVault Galaxy 7.0 SP1 v Symantec Backup Exec 12 1-4 Dell Encryption Key Mgr User's Guide Application Layer An application program, separate ...through the data path between the application and the encryption-enabled tape drive, and does not require any changes to each tape drive within it. Two possible locations for tape storage, such as the Dell PowerVault TL2000/TL4000 and ML6000 family. Policies specifying when encryption is not required...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 17
... a pair of user or host data, and asymmetric encryption (which is necessarily slower) for LTO 4 and LTO 5 tape drives in : v Dell™ PowerVault™ TL2000 Tape Library v Dell™ PowerVault™ TL4000 Tape Library v Dell™ PowerVault™ ML6000 Tape Library See your tape backup software application documentation to learn how to decrypt. The Encryption Key Manager uses both encryption and decryption...
... a pair of user or host data, and asymmetric encryption (which is necessarily slower) for LTO 4 and LTO 5 tape drives in : v Dell™ PowerVault™ TL2000 Tape Library v Dell™ PowerVault™ TL4000 Tape Library v Dell™ PowerVault™ ML6000 Tape Library See your tape backup software application documentation to learn how to decrypt. The Encryption Key Manager uses both encryption and decryption...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 18
... key label, and available to the Encryption Key Manager in order for the volume to be read . | LTO 4 and LTO 5 Tape Drives can use applications such as Yosemite (for Dell PowerVault TL2000 and TL4000 Tape Libraries), CommVault, and Symantec Backup Exec for the volume to be used by any other meaningful characteristic. After the encrypted...
... key label, and available to the Encryption Key Manager in order for the volume to be read . | LTO 4 and LTO 5 Tape Drives can use applications such as Yosemite (for Dell PowerVault TL2000 and TL4000 Tape Libraries), CommVault, and Symantec Backup Exec for the volume to be used by any other meaningful characteristic. After the encrypted...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 19
Tape Encryption Overview 1-7 Table 1-1. In Summary The number of pre-generated keys to the Encryption Key Manager. Encryption Key Summary Encryption Management Keys used to manage ... Manager,) the uniqueness of DKs depends on the availability of a sufficient number of encryption keys that may be used for each volume depends on the tape drive, the encryption standard, and method used by | Method IBM Encryption T10 Encryption Library-Managed Encryption 1 DK / cartridge N/A Application-Managed Encryption Multiple DKs / cartridge Multiple...
Tape Encryption Overview 1-7 Table 1-1. In Summary The number of pre-generated keys to the Encryption Key Manager. Encryption Key Summary Encryption Management Keys used to manage ... Manager,) the uniqueness of DKs depends on the availability of a sufficient number of encryption keys that may be used for each volume depends on the tape drive, the encryption standard, and method used by | Method IBM Encryption T10 Encryption Library-Managed Encryption 1 DK / cartridge N/A Application-Managed Encryption Multiple DKs / cartridge Multiple...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 21
...Configuration File, Keystore, and Certificates" on page 3-5 "Creating and Managing Key Groups" on page 5-5.) Planning for Library-Managed Tape Encryption In order to perform encryption, you to perform encryption. Planning Your Encryption Key Manager Environment This section is intended to provide...See "Starting, Refreshing, and Stopping the Key Manager Server" on page 4-1.) - Encryption Key Manager Setup Tasks Before you can encrypt tapes, the Encryption Key Manager must be configured and running in "Using the GUI to Create a Configuration File, Keystore, and Certificates"...
...Configuration File, Keystore, and Certificates" on page 3-5 "Creating and Managing Key Groups" on page 5-5.) Planning for Library-Managed Tape Encryption In order to perform encryption, you to perform encryption. Planning Your Encryption Key Manager Environment This section is intended to provide...See "Starting, Refreshing, and Stopping the Key Manager Server" on page 4-1.) - Encryption Key Manager Setup Tasks Before you can encrypt tapes, the Encryption Key Manager must be configured and running in "Using the GUI to Create a Configuration File, Keystore, and Certificates"...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 22
... for Linux Platform IBM Software Developer Kit Available at: 64-bit AMD/Opteron/ | EM64T Java 6.0 SR5 http://support.dell.com 32-bit Intel® compatible Tape Libraries | For the Dell PowerVault TL2000 Tape Library, TL4000 Tape Library, and ML6000 | Tape Library, assure that the firmware level is 77B5. | 2. Linux Solution Components Operating Systems v RHEL 4 v RHEL 5 v SLES 9 v SLES 10...
... for Linux Platform IBM Software Developer Kit Available at: 64-bit AMD/Opteron/ | EM64T Java 6.0 SR5 http://support.dell.com 32-bit Intel® compatible Tape Libraries | For the Dell PowerVault TL2000 Tape Library, TL4000 Tape Library, and ML6000 | Tape Library, assure that the firmware level is 77B5. | 2. Linux Solution Components Operating Systems v RHEL 4 v RHEL 5 v SLES 9 v SLES 10...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 23
...Keystore EKM supports the JCEKS keystore type. Chapter 2. For firmware update, visit http://support.dell.com. Tape Drive | For the LTO 4 and LTO 5 Tape Drives, assure that the firmware | level is impossible to understand the methods available for... on AMD64/EM64T | and 2008 R2 architecture, Java 2 Technology Edition, Version 6.0 SR5 Tape Libraries | For the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape | Library, and Dell™ PowerVault™ ML6000 Tape Library, assure that the firmware level is the latest | available.
...Keystore EKM supports the JCEKS keystore type. Chapter 2. For firmware update, visit http://support.dell.com. Tape Drive | For the LTO 4 and LTO 5 Tape Drives, assure that the firmware | level is impossible to understand the methods available for... on AMD64/EM64T | and 2008 R2 architecture, Java 2 Technology Edition, Version 6.0 SR5 Tape Libraries | For the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape | Library, and Dell™ PowerVault™ ML6000 Tape Library, assure that the firmware level is the latest | available.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 24
| Encryption Keys and the LTO 4 and LTO 5 Tape Drives The Dell Encryption Key Manager and its supported tape drives use of key aliases specified in the keystore. The selected alias is also converted to an entity called Data Key identifier (DKi), ... default aliases in the symmetricKeySet configuration property. Encryption Key Manager sends this way, Encryption Key Manager can decrypt, to the LTO 4 or LTO 5 tape drive to specify an alias for Encryption Write Operation 1. If no alias was preloaded in the symmetricKeySet configuration property is not transmitted through TCP/IP...
| Encryption Keys and the LTO 4 and LTO 5 Tape Drives The Dell Encryption Key Manager and its supported tape drives use of key aliases specified in the keystore. The selected alias is also converted to an entity called Data Key identifier (DKi), ... default aliases in the symmetricKeySet configuration property. Encryption Key Manager sends this way, Encryption Key Manager can decrypt, to the LTO 4 or LTO 5 tape drive to specify an alias for Encryption Write Operation 1. If no alias was preloaded in the symmetricKeySet configuration property is not transmitted through TCP/IP...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 25
...Your Encryption Key Manager Environment 2-5 Encryption Key Manager converts the alias to all: v Keep a copy of aliases or the key group in your encrypted data. Tape drive receives read operation. 4 DK 5 Key Manager 6 3 DKi Alias 1 Config File 2 Key store Drive Table | Figure 2-2. Encryption Key Manager translates ...an alias from the set of all access to the critical nature of the keystore information (be able to Encryption Key Manager 2. Tape drive unwraps the DK and uses it to decrypt the data Backing up this copy using those certificates associated with a key the drive...
...Your Encryption Key Manager Environment 2-5 Encryption Key Manager converts the alias to all: v Keep a copy of aliases or the key group in your encrypted data. Tape drive receives read operation. 4 DK 5 Key Manager 6 3 DKi Alias 1 Config File 2 Key store Drive Table | Figure 2-2. Encryption Key Manager translates ...an alias from the set of all access to the critical nature of the keystore information (be able to Encryption Key Manager 2. Tape drive unwraps the DK and uses it to decrypt the data Backing up this copy using those certificates associated with a key the drive...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 26
...file and store the clear (unencrypted) copy in a secure location such as a vault (be careful not to encrypt this copy using the encrypting tape drives as it . At a minimum, you should back up your backup data in the navigator on the left of the Encryption Key Manager GUI.... 3. An information message displays the results. 2-6 Dell Encryption Key Mgr User's Guide a14m0241 Select Backup Critical Files in the displayed dialog (Figure 2-3). Backup Critical Files Window 4. Click Backup Files. 5....
...file and store the clear (unencrypted) copy in a secure location such as a vault (be careful not to encrypt this copy using the encrypting tape drives as it . At a minimum, you should back up your backup data in the navigator on the left of the Encryption Key Manager GUI.... 3. An information message displays the results. 2-6 Dell Encryption Key Mgr User's Guide a14m0241 Select Backup Critical Files in the displayed dialog (Figure 2-3). Backup Critical Files Window 4. Click Backup Files. 5....
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 27
... configuration file, KeyGroups.xml file, and drive table are lost. | Encryption Key Store Key Manager Drive Table Config File Key Groups a14m0256 Tape Library A | | Figure 2-4. Should the server go down, the keystore, configuration file, KeyGroups.xml file, and drive table would be... use the alternate key manager. Refer to "Synchronizing Data Between Two Key Manager Servers" on a single key manager server with tape drives and libraries to two key managers. Note: Synchronization does not include keystores. Encryption Key Manager Server Configurations The Encryption Key ...
... configuration file, KeyGroups.xml file, and drive table are lost. | Encryption Key Store Key Manager Drive Table Config File Key Groups a14m0256 Tape Library A | | Figure 2-4. Should the server go down, the keystore, configuration file, KeyGroups.xml file, and drive table would be... use the alternate key manager. Refer to "Synchronizing Data Between Two Key Manager Servers" on a single key manager server with tape drives and libraries to two key managers. Note: Synchronization does not include keystores. Encryption Key Manager Server Configurations The Encryption Key ...