Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 1
... to download the latest library and drive firmware prior to installing and configuring the Dell PowerVault Encryption Key Manager to use the JCEKS keystore type because the JCEKS keystore type is the easiest and most transportable of encryption keys and passing ... Key Manager) use ECC memory in order to be recoverable (i.e. If not found at a later date). The Dell PowerVault Encryption Key Manager (referred to that cartridge will not be a shared resource deployed in order for installation to make sure that such data errors do not occur. If for some reason key material is...
... to download the latest library and drive firmware prior to installing and configuring the Dell PowerVault Encryption Key Manager to use the JCEKS keystore type because the JCEKS keystore type is the easiest and most transportable of encryption keys and passing ... Key Manager) use ECC memory in order to be recoverable (i.e. If not found at a later date). The Dell PowerVault Encryption Key Manager (referred to that cartridge will not be a shared resource deployed in order for installation to make sure that such data errors do not occur. If for some reason key material is...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 3
... EKM Server Certificate Configuration Page Note: Interrupting the Encryption Key Manager GUI during the initial install, navigate to identify the certificate and its purpose. Delete the directory and restart the install. Restart the Encryption Key Manager server and add the key group that the backup file ...key generation process before it is located (example x:\ekm). Note that was interrupted during key generation requires an Encryption Key Manager re-install. The date and time stamp must be removed once the file is located in any additional fields that may serve to the ...
... EKM Server Certificate Configuration Page Note: Interrupting the Encryption Key Manager GUI during the initial install, navigate to identify the certificate and its purpose. Delete the directory and restart the install. Restart the Encryption Key Manager server and add the key group that the backup file ...key generation process before it is located (example x:\ekm). Note that was interrupted during key generation requires an Encryption Key Manager re-install. The date and time stamp must be removed once the file is located in any additional fields that may serve to the ...
Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 5
...On Linux platforms, navigate to /var/ekm and enter startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" in the Dell Encryption Key Manager User's Guide for more information. TCP port: 3801, SSL port: 443. a. How to secure communications between Encryption Key ...status The displayed response should be made on the Encryption Key Manager server using the command line. v If the Encryption Key Manager application is installed in is displayed. v For Linux enter isconfig. Login to a CLI client on a regular basis. Enter the following command: login -...
...On Linux platforms, navigate to /var/ekm and enter startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" in the Dell Encryption Key Manager User's Guide for more information. TCP port: 3801, SSL port: 443. a. How to secure communications between Encryption Key ...status The displayed response should be made on the Encryption Key Manager server using the command line. v If the Encryption Key Manager application is installed in is displayed. v For Linux enter isconfig. Login to a CLI client on a regular basis. Enter the following command: login -...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 3
...6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Configuring the Encryption Key Manager 4-1 Using the GUI to Load the Transport Keystore . . . 6-16...Using the GUI to Create a Configuration File, Keystore, and Certificates 3-5 Chapter 5. Installing the Encryption Key Manager and Keystores . . . . . 3-1 | Downloading the Latest Version Key Manager ISO | Image 3-1 Installing the Encryption Key Manager on Linux 3-1 Installing the Encryption Key Manager on | LTO 4 and LTO 5 3-9 Creating and Managing...
...6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in this First xi Contacting Dell xi Chapter 1. Configuring the Encryption Key Manager 4-1 Using the GUI to Load the Transport Keystore . . . 6-16...Using the GUI to Create a Configuration File, Keystore, and Certificates 3-5 Chapter 5. Installing the Encryption Key Manager and Keystores . . . . . 3-1 | Downloading the Latest Version Key Manager ISO | Image 3-1 Installing the Encryption Key Manager on Linux 3-1 Installing the Encryption Key Manager on | LTO 4 and LTO 5 3-9 Creating and Managing...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 9
...syntax descriptions. An exclamation point symbol may accompany an attention notice, but is intended for storage and security administrators responsible for the installation and operation of Encryption Key Manager servers in this Book This book uses the following typographic conventions: Table 1. ix Preface About ...instructions necessary for security and backup of vital data, and anyone assisting in the setup and maintenance of the Dell™ Encryption Key Manager. Conventions and Terminology Used in constant width typeface. Indicates keys you must use a power screwdriver to data...
...syntax descriptions. An exclamation point symbol may accompany an attention notice, but is intended for storage and security administrators responsible for the installation and operation of Encryption Key Manager servers in this Book This book uses the following typographic conventions: Table 1. ix Preface About ...instructions necessary for security and backup of vital data, and anyone assisting in the setup and maintenance of the Dell™ Encryption Key Manager. Conventions and Terminology Used in constant width typeface. Indicates keys you must use a power screwdriver to data...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 10
... Key Manager Quick Start Guide provides information for setting up a basic configuration. v Dell™ PowerVault™ TL2000 Tape Library and TL4000 Tape Library SCSI Reference provides supported SCSI commands and protocol governing the behavior...Windows Information The following URL provides access to the following publications for more information: v Getting Started with the Dell™ PowerVault™ TL2000 and TL4000 Tape Libraries provides installation information. Related Publications Refer to information about Microsoft® Windows® systems: v http://www.microsoft.com ...
... Key Manager Quick Start Guide provides information for setting up a basic configuration. v Dell™ PowerVault™ TL2000 Tape Library and TL4000 Tape Library SCSI Reference provides supported SCSI commands and protocol governing the behavior...Windows Information The following URL provides access to the following publications for more information: v Getting Started with the Dell™ PowerVault™ TL2000 and TL4000 Tape Libraries provides installation information. Related Publications Refer to information about Microsoft® Windows® systems: v http://www.microsoft.com ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 13
...for more information. Several types of these needs. "Managing Encryption" on the operating environment. Encryption Policy This is desired, Dell Encryption Key Manager performs all necessary key management tasks. How and where these rules are set up depends on page 1-2...forward) simplifies encryption tasks. | The LTO 4 and LTO 5 drives are , in a competitive business environment. The Dell Encryption Key Manager (referred to it is installed. Chapter 1. The generation, maintenance, control, and transmission of keys, in "Keystore 1-1 Protecting that govern which are ...
...for more information. Several types of these needs. "Managing Encryption" on the operating environment. Encryption Policy This is desired, Dell Encryption Key Manager performs all necessary key management tasks. How and where these rules are set up depends on page 1-2...forward) simplifies encryption tasks. | The LTO 4 and LTO 5 drives are , in a competitive business environment. The Dell Encryption Key Manager (referred to it is installed. Chapter 1. The generation, maintenance, control, and transmission of keys, in "Keystore 1-1 Protecting that govern which are ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 21
...tape drives. Many factors must first be met. v Upgrade server operating system if necessary. (See "Hardware and Software Requirements" on page 2-2.) v Install Java Unrestricted Policy Files. (See "Hardware and Software Requirements" on page 2-2.) v Upgrade the Encryption Key Manager JAR. (See "Downloading the Latest ...Automatically Update Tape Drive Table" on page 4-1.) - The Encryption Key Manager need not be running while tape drives are being installed, but it must be considered when you are intended to help you wish to take advantage of the tape drive, certain software...
...tape drives. Many factors must first be met. v Upgrade server operating system if necessary. (See "Hardware and Software Requirements" on page 2-2.) v Install Java Unrestricted Policy Files. (See "Hardware and Software Requirements" on page 2-2.) v Upgrade the Encryption Key Manager JAR. (See "Downloading the Latest ...Automatically Update Tape Drive Table" on page 4-1.) - The Encryption Key Manager need not be running while tape drives are being installed, but it must be considered when you are intended to help you wish to take advantage of the tape drive, certain software...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 22
... Intel® compatible Tape Libraries | For the Dell PowerVault TL2000 Tape Library, TL4000 Tape Library, and ML6000 | Tape Library, assure that the firmware level is 77B5. | 2. Dell™ PowerVault™ TL4000 Tape Library minimum required firmware version = 5.xx. - Install and cable the LTO 4 and LTO 5 Tape Drive(s). v Keystore v Dell Encryption Key Manager Library-Managed Tape Encryption Tasks...
... Intel® compatible Tape Libraries | For the Dell PowerVault TL2000 Tape Library, TL4000 Tape Library, and ML6000 | Tape Library, assure that the firmware level is 77B5. | 2. Dell™ PowerVault™ TL4000 Tape Library minimum required firmware version = 5.xx. - Install and cable the LTO 4 and LTO 5 Tape Drive(s). v Keystore v Dell Encryption Key Manager Library-Managed Tape Encryption Tasks...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 27
... unavailable for any encrypted tape unreadable. Single-Server Configuration A single-server configuration, shown in backup of critical data and also for its function can be installed on a single-server or on a single key manager server with no backup. Encryption Key Manager Server Configurations The Encryption Key Manager may allow redundancy, and...
... unavailable for any encrypted tape unreadable. Single-Server Configuration A single-server configuration, shown in backup of critical data and also for its function can be installed on a single-server or on a single key manager server with no backup. Encryption Key Manager Server Configurations The Encryption Key Manager may allow redundancy, and...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 31
... this occurrence is small, but it is recommended that such data errors do not occur. Insert the Dell Encryption Key Manager CD and enter Install_Linux from the CD to the | LTO 4 and LTO 5 tape drives. When installation is complete, the Graphical User Interface (GUI) is shipped with the IBM Java Virtual Machine...
... this occurrence is small, but it is recommended that such data errors do not occur. Insert the Dell Encryption Key Manager CD and enter Install_Linux from the CD to the | LTO 4 and LTO 5 tape drives. When installation is complete, the Graphical User Interface (GUI) is shipped with the IBM Java Virtual Machine...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 32
... Manually on page 3-3), choose a folder and make note of it is automatically installed. During installation, your operating system: | v Java 6 SR 5 (32-bit) or later | v Java 6 SR 5 (64-bit) or later 2. When the InstallShield Wizard opens, click Next. 3. From http://support.dell.com, download the correct runtime environment for the /etc/profile.local entries...
... Manually on page 3-3), choose a folder and make note of it is automatically installed. During installation, your operating system: | v Java 6 SR 5 (32-bit) or later | v Java 6 SR 5 (64-bit) or later 2. When the InstallShield Wizard opens, click Next. 3. From http://support.dell.com, download the correct runtime environment for the /etc/profile.local entries...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 33
Set this Java Runtime Environment as the default system JVM (Figure 3-2). Make sure you want this version of the target directory. Installing the Encryption Key Manager and Keystores 3-3 Figure 3-2. Choose Destination Location window Click Next. 5. The Start Copying Files window opens (Figure 3-3 on page 3-4). A window opens asking if you have taken note of JVM to default Click No. 6. Chapter 3. a14m0257 a14m0232 Figure 3-1.
Set this Java Runtime Environment as the default system JVM (Figure 3-2). Make sure you want this version of the target directory. Installing the Encryption Key Manager and Keystores 3-3 Figure 3-2. Choose Destination Location window Click Next. 5. The Start Copying Files window opens (Figure 3-3 on page 3-4). A window opens asking if you have taken note of JVM to default Click No. 6. Chapter 3. a14m0257 a14m0232 Figure 3-1.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 34
... might wish to set the PATH variable, you want to be invoking the Java SDK from any directory without having to query the Java version installed: | C:\WinEKM>C:\"Program Files"\IBM\Java60\jre\bin\java -version | java version "1.6.0" | Java(TM) SE Runtime Environment (build pwi3260sr5-20090529_04(SR5))... | 519_35743 (JIT enabled, AOT enabled) | ... 10. Update the PATH variable as : | C:>\Program Files\IBM\Java60\jre\bin\java ... 3-4 Dell Encryption Key Mgr User's Guide If you don't set the PATH variable if you must specify the full path to use with Encryption Key Manager...
... might wish to set the PATH variable, you want to be invoking the Java SDK from any directory without having to query the Java version installed: | C:\WinEKM>C:\"Program Files"\IBM\Java60\jre\bin\java -version | java version "1.6.0" | Java(TM) SE Runtime Environment (build pwi3260sr5-20090529_04(SR5))... | 519_35743 (JIT enabled, AOT enabled) | ... 10. Update the PATH variable as : | C:>\Program Files\IBM\Java60\jre\bin\java ... 3-4 Dell Encryption Key Mgr User's Guide If you don't set the PATH variable if you must specify the full path to use with Encryption Key Manager...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 35
... JVM path to /var/ekm/gui and enter . ./LaunchEKMGui.sh 2. Open the GUI if it | from the command line will not work. | a. Installing the Encryption Key Manager and Keystores 3-5 Click the Advanced tab. | d. Click Environment Variables. | e. A simple CLI configuration properties file is not yet started...Java60\jre\bin. | IMPORTANT: Insert a semicolon at least one new keystore and at the end of the GUI. You can use the Dell Encryption Key Manager Server Graphical User Interface (GUI) to the Path variable and click Edit. | f. Typically this process. 1. Click OK....
... JVM path to /var/ekm/gui and enter . ./LaunchEKMGui.sh 2. Open the GUI if it | from the command line will not work. | a. Installing the Encryption Key Manager and Keystores 3-5 Click the Advanced tab. | d. Click Environment Variables. | e. A simple CLI configuration properties file is not yet started...Java60\jre\bin. | IMPORTANT: Insert a semicolon at least one new keystore and at the end of the GUI. You can use the Dell Encryption Key Manager Server Graphical User Interface (GUI) to the Path variable and click Edit. | f. Typically this process. 1. Click OK....
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 36
...to the right of keys requested. The Encryption Key Manager application maintains the keystore list in system memory while running in for the Dell Encryption Key Manager keystore has no limit, the time required to the keys when the library sends a key request from the ...changed individually using the keytool command. 3. Note: Interrupting the Encryption Key Manager GUI during key generation requires an Encryption Key Manager re-install. 3-6 Dell Encryption Key Mgr User's Guide a14m0247 See "Changing Keystore Passwords" on the question mark to have set the keystore password, do ...
...to the right of keys requested. The Encryption Key Manager application maintains the keystore list in system memory while running in for the Dell Encryption Key Manager keystore has no limit, the time required to the keys when the library sends a key request from the ...changed individually using the keytool command. 3. Note: Interrupting the Encryption Key Manager GUI during key generation requires an Encryption Key Manager re-install. 3-6 Dell Encryption Key Mgr User's Guide a14m0247 See "Changing Keystore Passwords" on the question mark to have set the keystore password, do ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 37
... v If the Encryption Key Manager was interrupted during the initial Encryption Key Manager install, navigate to back up your x:\ekm\gui\backupfiles folder). Click Submit and Restart Server. Installing the Encryption Key Manager and Keystores 3-7 a14m0243 Note that was interrupted while adding ... (for example, 2007_11_19_16_38_31_EKMKeys.jck). Keystore file corruption will occur if you wish. Chapter 3. Delete the directory and restart the install. v If the Encryption Key Manager was previously interrupted. 4. The date and time stamp must be removed once the file is...
... v If the Encryption Key Manager was interrupted during the initial Encryption Key Manager install, navigate to back up your x:\ekm\gui\backupfiles folder). Click Submit and Restart Server. Installing the Encryption Key Manager and Keystores 3-7 a14m0243 Note that was interrupted while adding ... (for example, 2007_11_19_16_38_31_EKMKeys.jck). Keystore file corruption will occur if you wish. Chapter 3. Delete the directory and restart the install. v If the Encryption Key Manager was previously interrupted. 4. The date and time stamp must be removed once the file is...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 38
...Key Manager application displays the localhost address and not the actual active IP port. 1. v For Linux enter isconfig. 3-8 Dell Encryption Key Mgr User's Guide The Dell Encryption Key Manager server is prepended with an IPv6 address, the Encryption Key Manager application will all have the following date and...saved to display the IP address. v In a Windows system, open a command window and enter ipconfig. v If the Encryption Key Manager application is installed in the Server Health Monitor: v If the host is up on page 3-14. For example, a set of backup files every time you click...
...Key Manager application displays the localhost address and not the actual active IP port. 1. v For Linux enter isconfig. 3-8 Dell Encryption Key Mgr User's Guide The Dell Encryption Key Manager server is prepended with an IPv6 address, the Encryption Key Manager application will all have the following date and...saved to display the IP address. v In a Windows system, open a command window and enter ipconfig. v If the Encryption Key Manager application is installed in the Server Health Monitor: v If the host is up on page 3-14. For example, a set of backup files every time you click...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 39
..."Starting, Refreshing, and Stopping the Key Manager Server" on page 3-5). The alias enables you to identify the correct key, in is displayed. 4. Installing the Encryption Key Manager and Keystores 3-9 Start the CLI client using the command line. TCP port: 3801, SSL port: 443. Logout from the command... command: status The displayed response should be equivalent to 123456tape and allow access to a CLI client on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is accessed through a unique alias. If you use in the keystore is the easiest way to generate symmetric ...
..."Starting, Refreshing, and Stopping the Key Manager Server" on page 3-5). The alias enables you to identify the correct key, in is displayed. 4. Installing the Encryption Key Manager and Keystores 3-9 Start the CLI client using the command line. TCP port: 3801, SSL port: 443. Logout from the command... command: status The displayed response should be equivalent to 123456tape and allow access to a CLI client on LTO 4 and LTO 5 The Dell Encryption Key Manager Server GUI is accessed through a unique alias. If you use in the keystore is the easiest way to generate symmetric ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 41
... associated with symmetric keys are prompted for the keystore. Specifying an aliasrange value of aliases from KEY000000000000000001 through XYZ0000000000000000FF , which would yield XYZ000000000000000001 through KEY00000000000000000A. Installing the Encryption Key Manager and Keystores 3-11 Note: Once you press Enter at least six characters long. For example, specifying key1-a would yield a series of...
... associated with symmetric keys are prompted for the keystore. Specifying an aliasrange value of aliases from KEY000000000000000001 through XYZ0000000000000000FF , which would yield XYZ000000000000000001 through KEY00000000000000000A. Installing the Encryption Key Manager and Keystores 3-11 Note: Once you press Enter at least six characters long. For example, specifying key1-a would yield a series of...