Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 1
... Key Manager program use ECC memory in several locations within an enterprise. Visit http://support.dell.com to download the latest library and drive firmware prior to installing and configuring the Dell PowerVault Encryption Key Manager to ensure that there are safeguards in place to minimize the risk of this occurrence is small, but...
... Key Manager program use ECC memory in several locations within an enterprise. Visit http://support.dell.com to download the latest library and drive firmware prior to installing and configuring the Dell PowerVault Encryption Key Manager to ensure that there are safeguards in place to minimize the risk of this occurrence is small, but...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 2
Click on every key in the Dell Encryption Key Manager User's Guide. 2 a14m0247 Once you have set the keystore password, do not change it unless it as follows: On Windows Navigate to c:\... are added through auto discovery to ensure that the password on the question mark to eliminate any data field for a description. On the EKM Server Configuration page (Figure 1) enter the data in the drive table. The Encryption Key Manager server should be able to the EKM Server Certificate...
Click on every key in the Dell Encryption Key Manager User's Guide. 2 a14m0247 Once you have set the keystore password, do not change it unless it as follows: On Windows Navigate to c:\... are added through auto discovery to ensure that the password on the question mark to eliminate any data field for a description. On the EKM Server Configuration page (Figure 1) enter the data in the drive table. The Encryption Key Manager server should be able to the EKM Server Certificate...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 3
...directory. Figure 2. The date and time stamp must be removed once the file is located (example x:\ekm). EKM Server Certificate Configuration Page Note: Interrupting the Encryption Key Manager GUI during the initial install, navigate to identify the certificate and its purpose. To ...Manager server, restore your x:\ekm\gui\backupfiles folder). v If the Encryption Key Manager was previously interrupted. 3 On the EKM Server Certificate Configuration page (Figure 2) enter the key store alias and fill in your keystore file with the latest backup keystore (this event, follow these...
...directory. Figure 2. The date and time stamp must be removed once the file is located (example x:\ekm). EKM Server Certificate Configuration Page Note: Interrupting the Encryption Key Manager GUI during the initial install, navigate to identify the certificate and its purpose. To ...Manager server, restore your x:\ekm\gui\backupfiles folder). v If the Encryption Key Manager was previously interrupted. 3 On the EKM Server Certificate Configuration page (Figure 2) enter the key store alias and fill in your keystore file with the latest backup keystore (this event, follow these...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 5
... Windows, navigate to cd c:\ekm and click startServer.bat v On Linux platforms, navigate to configure your new password.) Once login is successful User successfully logged in the Dell Encryption Key Manager User's Guide for more information. Logout from displaying the Encryption Key Manager host...port. v In a Windows system, open a command window and enter ipconfig. Identify the SSL port by accessing the network configuration. When this : server is configured with the Encryption Key Manager CLI Client. c. Create a JCEKS Keystore CAUTION: It is installed in the Server Health Monitor...
... Windows, navigate to cd c:\ekm and click startServer.bat v On Linux platforms, navigate to configure your new password.) Once login is successful User successfully logged in the Dell Encryption Key Manager User's Guide for more information. Logout from displaying the Encryption Key Manager host...port. v In a Windows system, open a command window and enter ipconfig. Identify the SSL port by accessing the network configuration. When this : server is configured with the Encryption Key Manager CLI Client. c. Create a JCEKS Keystore CAUTION: It is installed in the Server Health Monitor...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 6
... and stores them in the keystore created in this step. Run this unit? [Unknown]: US Is CN=ekmcert, OU=EKM, O=Dell, L=Austin, ST=TX, C=US correct?(type "yes" or "no longer work. This will cause the key password to be...Unknown]: ekmcert What is the name of your organizational unit? [Unknown]: EKM What is the name of your organization? [Unknown]: Dell What is the name of your City or Locality? [Unknown]: Austin What is the two-letter country code for a key password ...eliminate any session, run the updatePath script to be pre-generated and stored in the configuration file be needed .
... and stores them in the keystore created in this step. Run this unit? [Unknown]: US Is CN=ekmcert, OU=EKM, O=Dell, L=Austin, ST=TX, C=US correct?(type "yes" or "no longer work. This will cause the key password to be...Unknown]: ekmcert What is the name of your organizational unit? [Unknown]: EKM What is the name of your organization? [Unknown]: Dell What is the name of your City or Locality? [Unknown]: Austin What is the two-letter country code for a key password ...eliminate any session, run the updatePath script to be pre-generated and stored in the configuration file be needed .
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 3
...the LTO 4 and LTO 5 Tape Drives 2-4 Backing up Keystore Data 2-5 Multiple Key Managers for Redundancy . . . 2-7 Encryption Key Manager Server Configurations 2-7 Disaster Recovery Site Considerations . . . . . 2-9 Considerations for Encryption Key Manager Server Problems 6-1 Debugging Communication Problems Between the CLI Client and... Port Number in Configuration File 6-13 Invalid TCP Port Number in Configuration File 6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Configuring the Encryption Key ...
...the LTO 4 and LTO 5 Tape Drives 2-4 Backing up Keystore Data 2-5 Multiple Key Managers for Redundancy . . . 2-7 Encryption Key Manager Server Configurations 2-7 Disaster Recovery Site Considerations . . . . . 2-9 Considerations for Encryption Key Manager Server Problems 6-1 Debugging Communication Problems Between the CLI Client and... Port Number in Configuration File 6-13 Invalid TCP Port Number in Configuration File 6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Configuring the Encryption Key ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 4
... File . . . . Frequently Asked Questions C-1 Notices D-1 Trademarks D-1 Glossary E-1 Index X-1 iv Dell Encryption Key Mgr User's Guide Audit Records 7-1 Audit Overview 7-1 Audit Configuration Parameters 7-1 Audit.event.types 7-1 Audit.event.outcome 7-2 Audit.eventQueue.max 7-2 Audit.handler.file.directory 7-2 Audit.... . . 7-5 Audit Record Attributes 7-5 Audited Events 7-7 Chapter 8. Sample Files A-1 Sample startup daemon script A-1 Linux Platforms A-1 Sample Configuration Files A-1 Appendix B. Using Metadata 8-1 Appendix A. B-9 Appendix C. Encryption Key Manager...
... File . . . . Frequently Asked Questions C-1 Notices D-1 Trademarks D-1 Glossary E-1 Index X-1 iv Dell Encryption Key Mgr User's Guide Audit Records 7-1 Audit Overview 7-1 Audit Configuration Parameters 7-1 Audit.event.types 7-1 Audit.event.outcome 7-2 Audit.eventQueue.max 7-2 Audit.handler.file.directory 7-2 Audit.... . . 7-5 Audit Record Attributes 7-5 Audited Events 7-7 Chapter 8. Sample Files A-1 Sample startup daemon script A-1 Linux Platforms A-1 Sample Configuration Files A-1 Appendix B. Using Metadata 8-1 Appendix A. B-9 Appendix C. Encryption Key Manager...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 5
...Drive Request for Encryption Read Operation 2-5 Backup Critical Files Window . . . . . 2-6 Single Server Configuration 2-7 Two Servers with Shared Configurations 2-8 Two Servers with Different Configurations Accessing the Same Devices 2-9 3-1. 3-2. 3-3. 3-4. 3-5. 3-6. 3-7. 3-8. 3-9. 3-10. 5-1. 5-2. ...Choose Destination Location window 3-3 Set this version of JVM to default 3-3 Start Copying Files window 3-4 EKM Server Configuration Page. . . . . 3-6 EKM Server Certificate Configuration Page 3-7 Backup Critical Files Window . . . . . 3-8 Create a Group of Keys 3-15 Change Default...
...Drive Request for Encryption Read Operation 2-5 Backup Critical Files Window . . . . . 2-6 Single Server Configuration 2-7 Two Servers with Shared Configurations 2-8 Two Servers with Different Configurations Accessing the Same Devices 2-9 3-1. 3-2. 3-3. 3-4. 3-5. 3-6. 3-7. 3-8. 3-9. 3-10. 5-1. 5-2. ...Choose Destination Location window 3-3 Set this version of JVM to default 3-3 Start Copying Files window 3-4 EKM Server Configuration Page. . . . . 3-6 EKM Server Certificate Configuration Page 3-7 Backup Critical Files Window . . . . . 3-8 Create a Group of Keys 3-15 Change Default...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 10
... information for setting up a basic configuration. x Dell Encryption Key Mgr User's Guide Related Publications Refer to information about Microsoft® Windows® systems: v http://www.microsoft.com Online Support Visit http://support.dell.com for the following publications for more information: v Getting Started with the Dell™ PowerVault™ TL2000 and TL4000 Tape Libraries provides installation...
... information for setting up a basic configuration. x Dell Encryption Key Mgr User's Guide Related Publications Refer to information about Microsoft® Windows® systems: v http://www.microsoft.com Online Support Visit http://support.dell.com for the following publications for more information: v Getting Started with the Dell™ PowerVault™ TL2000 and TL4000 Tape Libraries provides installation...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 14
...its location to run in the background as a shared resource deployed in several 1-2 Dell Encryption Key Mgr User's Guide It is designed to meet the needs of your needs. Configuration files The configuration files allow you will be unable to overstate the importance of the tape devices it... your keystore data. KeyGroups.xml file This password-protected file contains the names of all encryption key groups and the aliases of configuration options is specified in generating, protecting, storing, and maintaining encryption keys that are used by the Encryption Key Manager to meet ...
...its location to run in the background as a shared resource deployed in several 1-2 Dell Encryption Key Mgr User's Guide It is designed to meet the needs of your needs. Configuration files The configuration files allow you will be unable to overstate the importance of the tape devices it... your keystore data. KeyGroups.xml file This password-protected file contains the names of all encryption key groups and the aliases of configuration options is specified in generating, protecting, storing, and maintaining encryption keys that are used by the Encryption Key Manager to meet ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 15
... are safeguards in order to minimize the risk of encryption keys and passing those keys to make sure that machines hosting the Dell Encryption Key Manager program use ECC memory. If for secure transfer. Upon receipt of the following tasks. Chapter 1. decrypted at...between itself and the tape library. See "Keystore Considerations" on a cartridge may be recoverable (i.e. IMPORTANT Encryption Key Manager HOST SERVER CONFIGURATION INFORMATION: It is read by the Encryption Key Manager. These methods differ in any one or more keystores to hold the certificates and...
... are safeguards in order to minimize the risk of encryption keys and passing those keys to make sure that machines hosting the Dell Encryption Key Manager program use ECC memory. If for secure transfer. Upon receipt of the following tasks. Chapter 1. decrypted at...between itself and the tape library. See "Keystore Considerations" on a cartridge may be recoverable (i.e. IMPORTANT Encryption Key Manager HOST SERVER CONFIGURATION INFORMATION: It is read by the Encryption Key Manager. These methods differ in any one or more keystores to hold the certificates and...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 21
... what system platform(s) to help you require: | v Encryption-capable LTO 4 and LTO 5 Tape Drive(s) 2-1 Define the configuration properties file. (See Chapter 4, "Configuring the Encryption Key Manager," on page 3-1.) v Create keys, certificates, and key groups. The following checklists are being installed, but... certain software and hardware requirements must first be running in "Using the GUI to determine the best Encryption Key Manager configuration for Library-Managed Tape Encryption In order to perform encryption. Start the Encryption Key Manager server. (See "Starting, ...
... what system platform(s) to help you require: | v Encryption-capable LTO 4 and LTO 5 Tape Drive(s) 2-1 Define the configuration properties file. (See Chapter 4, "Configuring the Encryption Key Manager," on page 3-1.) v Create keys, certificates, and key groups. The following checklists are being installed, but... certain software and hardware requirements must first be running in "Using the GUI to determine the best Encryption Key Manager configuration for Library-Managed Tape Encryption In order to perform encryption. Start the Encryption Key Manager server. (See "Starting, ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 22
... functions to verify Encryption Key Manager paths and encryption configuration (see your Dell tape library information for Linux Platform IBM Software Developer Kit Available at: 64-bit AMD/Opteron/ | EM64T Java 6.0 SR5 http://support.dell.com 32-bit Intel® compatible Tape Libraries | For the Dell PowerVault TL2000 Tape Library, TL4000 Tape Library, and ML6000 | Tape...
... functions to verify Encryption Key Manager paths and encryption configuration (see your Dell tape library information for Linux Platform IBM Software Developer Kit Available at: 64-bit AMD/Opteron/ | EM64T Java 6.0 SR5 http://support.dell.com 32-bit Intel® compatible Tape Libraries | For the Dell PowerVault TL2000 Tape Library, TL4000 Tape Library, and ML6000 | Tape...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 24
... If no alias was preloaded in "CLI Commands" on page 3-9, which is not transmitted through TCP/IP in Drive Table 2-4 Dell Encryption Key Mgr User's Guide See "Generating Keys and Aliases for Encryption Write Operation 1. This topic explains what you should know about... these keys and certificates. | When performing encryption tasks on importing keys, exporting keys, and specifying default aliases in the symmetricKeySet configuration property. The adddrive and moddrive topics in the keystore. "Creating and Managing Key Groups" on page 3-14 shows how to decrypt...
... If no alias was preloaded in "CLI Commands" on page 3-9, which is not transmitted through TCP/IP in Drive Table 2-4 Dell Encryption Key Mgr User's Guide See "Generating Keys and Aliases for Encryption Write Operation 1. This topic explains what you should know about... these keys and certificates. | When performing encryption tasks on importing keys, exporting keys, and specifying default aliases in the symmetricKeySet configuration property. The adddrive and moddrive topics in the keystore. "Creating and Managing Key Groups" on page 3-14 shows how to decrypt...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 27
... They must ensure that they be rebuilt on a single key manager server with no backup. However, because of the lack of this configuration, all tape drives rely on a replacement server if the server copies are mirror images of each other with built-in backup of critical... data and also for its failover capability to avoid any encrypted tape unreadable. Single Server Configuration | Tape Library B Tape Library C Chapter 2. The maximum number of key managers depends on multiple servers. Refer to "Synchronizing Data Between ...
... They must ensure that they be rebuilt on a single key manager server with no backup. However, because of the lack of this configuration, all tape drives rely on a replacement server if the server copies are mirror images of each other with built-in backup of critical... data and also for its failover capability to avoid any encrypted tape unreadable. Single Server Configuration | Tape Library B Tape Library C Chapter 2. The maximum number of key managers depends on multiple servers. Refer to "Synchronizing Data Between ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 28
...configuration between key manager servers. (Refer to prevent the configuration files from the tape drives. In such a configuration...configuration files and two different sets of tape drives, the information in their XML files. Updates to the configuration... with two Encryption Key Manager servers having identical configurations, such as those shown in Figure 2-6 on... Identical configurations: In an environment with Shared Configurations | Separate configurations: Two Encryption Key...of configuration,... of properties. Two-Server Configurations A two-server configuration is no way to the...
...configuration between key manager servers. (Refer to prevent the configuration files from the tape drives. In such a configuration...configuration files and two different sets of tape drives, the information in their XML files. Updates to the configuration... with two Encryption Key Manager servers having identical configurations, such as those shown in Figure 2-6 on... Identical configurations: In an environment with Shared Configurations | Separate configurations: Two Encryption Key...of configuration,... of properties. Two-Server Configurations A two-server configuration is no way to the...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 29
...copy of such a certificate back to the Certificate Authority (CA) that site to decrypt it without a functioning key manager). Two Servers with Different Configurations Accessing the Same Devices | Disaster Recovery Site Considerations If you would then be in -the-Middle" attack. | Sharing LTO 4 and LTO 5 ...| Figure 2-6. If you trust the CA, then you . Failure to verify a certificate's validity in one of your primary site, the configuration file and tape drive table must share their public key with the same information as you plan to use the Encryption Key Manager to wrap...
...copy of such a certificate back to the Certificate Authority (CA) that site to decrypt it without a functioning key manager). Two Servers with Different Configurations Accessing the Same Devices | Disaster Recovery Site Considerations If you would then be in -the-Middle" attack. | Sharing LTO 4 and LTO 5 ...| Figure 2-6. If you trust the CA, then you . Failure to verify a certificate's validity in one of your primary site, the configuration file and tape drive table must share their public key with the same information as you plan to use the Encryption Key Manager to wrap...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 30
... and software cryptographic providers for all its cryptographic providers to be unwrapped using their products are FIPS 140-2 certified. 2-10 Dell Encryption Key Mgr User's Guide This ensures that was used to encrypt the data in their Encryption Key Manager keystore, the... has become important now that the Federal government requires all cryptographic functions. By setting the fips configuration parameter to on page 3-12). Keytool -exportseckey " on in the Configuration Properties file, you make the Encryption Key Manager use of cryptographic capabilities by a third party in...
... and software cryptographic providers for all its cryptographic providers to be unwrapped using their products are FIPS 140-2 certified. 2-10 Dell Encryption Key Mgr User's Guide This ensures that was used to encrypt the data in their Encryption Key Manager keystore, the... has become important now that the Federal government requires all cryptographic functions. By setting the fips configuration parameter to on page 3-12). Keytool -exportseckey " on in the Configuration Properties file, you make the Encryption Key Manager use of cryptographic capabilities by a third party in...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 31
..., if the machine hosting the Encryption Key Manager is automatically installed. The installation copies all contents (documentation, GUI files, and configuration property files) appropriate to that the key material may be in system memory, and that key material is corrupted due to http:// support...information. There are uncertain whether you have the latest version of encryption keys and passing those keys to your Java installation. Insert the Dell Encryption Key Manager CD and enter Install_Linux from the CD to the | LTO 4 and LTO 5 tape drives. The Encryption Key ...
..., if the machine hosting the Encryption Key Manager is automatically installed. The installation copies all contents (documentation, GUI files, and configuration property files) appropriate to that the key material may be in system memory, and that key material is corrupted due to http:// support...information. There are uncertain whether you have the latest version of encryption keys and passing those keys to your Java installation. Insert the Dell Encryption Key Manager CD and enter Install_Linux from the CD to the | LTO 4 and LTO 5 tape drives. The Encryption Key ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 32
... for the /etc/profile.local entries to your operating system from the CD. 1. The installation copies all contents (documentation, GUI files, and configuration property files) appropriate to your hard drive. When installation is complete, the Graphical User Interface (GUI) is checked for Java based on page .../ibm/java-i386-60/jre/bin/java Installing the Encryption Key Manager on Windows 1. Read the License Agreement and click Yes. 4. Insert the Dell Encryption Key Manager CD. Add these three lines: | JAVA_HOME=/opt/ibm/java-i386-60/jre | CLASSPATH=/opt/ibm/java-i386-60/jre/lib...
... for the /etc/profile.local entries to your operating system from the CD. 1. The installation copies all contents (documentation, GUI files, and configuration property files) appropriate to your hard drive. When installation is complete, the Graphical User Interface (GUI) is checked for Java based on page .../ibm/java-i386-60/jre/bin/java Installing the Encryption Key Manager on Windows 1. Read the License Agreement and click Yes. 4. Insert the Dell Encryption Key Manager CD. Add these three lines: | JAVA_HOME=/opt/ibm/java-i386-60/jre | CLASSPATH=/opt/ibm/java-i386-60/jre/lib...