Dell PowerVault ML6000 Encryption Key Manager Quick Start Guide
Page 1
... Key Manager to as the Encryption Key Manager from this point forward) is designed to the LTO-4 and LTO-5 tape drives. The Dell PowerVault Encryption Key Manager (referred to ensure that there are no issues. The key material, in wrapped (encrypted form) resides in system memory and the corruption ...
... Key Manager to as the Encryption Key Manager from this point forward) is designed to the LTO-4 and LTO-5 tape drives. The Dell PowerVault Encryption Key Manager (referred to ensure that there are no issues. The key material, in wrapped (encrypted form) resides in system memory and the corruption ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 3
... Keystore . . . 6-16 Unsupported Action 6-16 iii Tape Encryption Overview Components Managing Encryption Application-Managed Tape Encryption . . . Library-Managed Tape Encryption . . . . About Encryption Keys 1-1 ....Add Drive 6-10 Failed to Archive the Log File 6-10 Failed to Delete the Configuration . . . . . 6-10 Failed to Delete the Drive Entry ...Tape Drives 2-4 Backing up Keystore Data 2-5 Multiple Key Managers for Redundancy . . . 2-7 Encryption Key Manager Server Configurations 2-7 Disaster Recovery Site Considerations . . . . . 2-9 Considerations for Sharing Encrypted Tapes...
... Keystore . . . 6-16 Unsupported Action 6-16 iii Tape Encryption Overview Components Managing Encryption Application-Managed Tape Encryption . . . Library-Managed Tape Encryption . . . . About Encryption Keys 1-1 ....Add Drive 6-10 Failed to Archive the Log File 6-10 Failed to Delete the Configuration . . . . . 6-10 Failed to Delete the Drive Entry ...Tape Drives 2-4 Backing up Keystore Data 2-5 Multiple Key Managers for Redundancy . . . 2-7 Encryption Key Manager Server Configurations 2-7 Disaster Recovery Site Considerations . . . . . 2-9 Considerations for Sharing Encrypted Tapes...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 5
...'s four main components 1-2 Two possible locations for encryption policy engine and key management. . . . . . 1-4 Encryption Using Symmetric Encryption Keys 1-6 LTO 4 or LTO 5 Tape Drive Request for Encryption Write Operation 2-4 LTO 4 or LTO 5 Tape Drive Request for Encryption Read Operation 2-5 Backup Critical Files Window . . . . . 2-6 Single Server Configuration 2-7 Two Servers with Shared Configurations 2-8 Two Servers with Different...
...'s four main components 1-2 Two possible locations for encryption policy engine and key management. . . . . . 1-4 Encryption Using Symmetric Encryption Keys 1-6 LTO 4 or LTO 5 Tape Drive Request for Encryption Write Operation 2-4 LTO 4 or LTO 5 Tape Drive Request for Encryption Read Operation 2-5 Backup Critical Files Window . . . . . 2-6 Single Server Configuration 2-7 Two Servers with Shared Configurations 2-8 Two Servers with Different...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 9
...names, file names, flag names, path names, and selected menu options. Attention Notice An attention notice indicates the possibility of the Dell™ Encryption Key Manager. Preface About this Book This manual contains information and instructions necessary for security and backup of vital data... list of storage devices and networks. It includes concepts and procedures pertaining to: | v Encryption-capable LTO 4 and LTO 5 Tape Drives v Cryptographic keys v Digital certificates Who Should Read this Book This book is not required. An exclamation point symbol may accompany an ...
...names, file names, flag names, path names, and selected menu options. Attention Notice An attention notice indicates the possibility of the Dell™ Encryption Key Manager. Preface About this Book This manual contains information and instructions necessary for security and backup of vital data... list of storage devices and networks. It includes concepts and procedures pertaining to: | v Encryption-capable LTO 4 and LTO 5 Tape Drives v Cryptographic keys v Digital certificates Who Should Read this Book This book is not required. An exclamation point symbol may accompany an ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 13
... and Software Requirements" on page 2-2 for more information on the operating environment. Encryption Policy This is desired, Dell Encryption Key Manager performs all necessary key management tasks. These characteristics are supported offering different operational characteristics to as ... as it , and verifying its authenticity while maintaining its behavior. The tape drive encryption solution comprises three major elements: The Encryption-Enabled Tape Drive | All LTO 4 and LTO 5 Tape Drives must be enabled through the library | interface. Several types of a dedicated...
... and Software Requirements" on page 2-2 for more information on the operating environment. Encryption Policy This is desired, Dell Encryption Key Manager performs all necessary key management tasks. These characteristics are supported offering different operational characteristics to as ... as it , and verifying its authenticity while maintaining its behavior. The tape drive encryption solution comprises three major elements: The Encryption-Enabled Tape Drive | All LTO 4 and LTO 5 Tape Drives must be enabled through the library | interface. Several types of a dedicated...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 14
... location to run in the background as a shared resource deployed in several 1-2 Dell Encryption Key Mgr User's Guide Without access to your needs. The tape drive table is a non-editable, binary file whose location is described. Please carefully read from tape devices Config File Records Keystore location and defines Encryption Key Manager behavior a14m0234...
... location to run in the background as a shared resource deployed in several 1-2 Dell Encryption Key Mgr User's Guide Without access to your needs. The tape drive table is a non-editable, binary file whose location is described. Please carefully read from tape devices Config File Records Keystore location and defines Encryption Key Manager behavior a14m0234...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 15
... Encryption Key Manager fetches an existing AES key from a keystore and wraps it for secure transfer to the tape drive where it to tape. | When an encrypted tape is always recommended that machines hosting the Dell Encryption Key Manager program use ECC memory. Your operating environment determines which is recommended that machines hosting critical applications...
... Encryption Key Manager fetches an existing AES key from a keystore and wraps it for secure transfer to the tape drive where it to tape. | When an encrypted tape is always recommended that machines hosting the Dell Encryption Key Manager program use ECC memory. Your operating environment determines which is recommended that machines hosting critical applications...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 16
.... The policies and keys pass through the application interface. Data Path Data Path Policy or Application Library a14m0252 Policy Library Drive Interface Figure 1-2. Two possible locations for tape storage, such as the Dell PowerVault TL2000/TL4000 and ML6000 family. Application Layer An application program, separate from the key manager, initiates data transfer for supported applications...
.... The policies and keys pass through the application interface. Data Path Data Path Policy or Application Library a14m0252 Policy Library Drive Interface Figure 1-2. Two possible locations for tape storage, such as the Dell PowerVault TL2000/TL4000 and ML6000 family. Application Layer An application program, separate from the key manager, initiates data transfer for supported applications...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 17
... the tape drive depends on a library-attached host. Tape Encryption Overview 1-5 Both the IBM and T10 methods of encryption algorithms are transferred to understand the difference between how the Encryption Key Manager uses encryption keys and how other key in the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape Library, or Dell™ PowerVault™ ML6000 Tape Library...
... the tape drive depends on a library-attached host. Tape Encryption Overview 1-5 Both the IBM and T10 methods of encryption algorithms are transferred to understand the difference between how the Encryption Key Manager uses encryption keys and how other key in the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape Library, or Dell™ PowerVault™ ML6000 Tape Library...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 18
... Key Processing by Other Applications | In application-managed tape encryption, unencrypted data is sent to the LTO 4 and | LTO 5 Tape Drives and converted to tape. Encryption Using Symmetric Encryption Keys. written to ciphertext using a method determined by applications that use applications such as Yosemite (for Dell PowerVault TL2000 and TL4000 Tape Libraries), CommVault, and Symantec Backup Exec for...
... Key Processing by Other Applications | In application-managed tape encryption, unencrypted data is sent to the LTO 4 and | LTO 5 Tape Drives and converted to tape. Encryption Using Symmetric Encryption Keys. written to ciphertext using a method determined by applications that use applications such as Yosemite (for Dell PowerVault TL2000 and TL4000 Tape Libraries), CommVault, and Symantec Backup Exec for...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 19
Table 1-1. Tape Encryption Overview 1-7 Encryption Key Summary Encryption Management Keys used to manage the encryption. | For transparent encryption of LTO 4 and LTO 5, (that is, using library-managed ... Manager,) the uniqueness of DKs depends on the availability of a sufficient number of encryption keys that may be used for each volume depends on the tape drive, the encryption standard, and method used by | Method IBM Encryption T10 Encryption Library-Managed Encryption 1 DK / cartridge N/A Application-Managed Encryption Multiple DKs / cartridge Multiple DKs...
Table 1-1. Tape Encryption Overview 1-7 Encryption Key Summary Encryption Management Keys used to manage the encryption. | For transparent encryption of LTO 4 and LTO 5, (that is, using library-managed ... Manager,) the uniqueness of DKs depends on the availability of a sufficient number of encryption keys that may be used for each volume depends on the tape drive, the encryption standard, and method used by | Method IBM Encryption T10 Encryption Library-Managed Encryption 1 DK / cartridge N/A Application-Managed Encryption Multiple DKs / cartridge Multiple DKs...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 21
...importseckey " on page 3-1.) v Create keys, certificates, and key groups. The following checklists are planning how to take advantage of the tape drive, certain software and hardware requirements must be met. Start the command line interface client. (See "The Command Line Interface Client" on... page 3-5, unless you require: | v Encryption-capable LTO 4 and LTO 5 Tape Drive(s) 2-1 Encryption Setup Tasks at a Glance Before you can use as Encryption Key Manager server(s). Many factors must first be considered when you...
...importseckey " on page 3-1.) v Create keys, certificates, and key groups. The following checklists are planning how to take advantage of the tape drive, certain software and hardware requirements must be met. Start the command line interface client. (See "The Command Line Interface Client" on... page 3-5, unless you require: | v Encryption-capable LTO 4 and LTO 5 Tape Drive(s) 2-1 Encryption Setup Tasks at a Glance Before you can use as Encryption Key Manager server(s). Many factors must first be considered when you...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 22
...). Dell™ PowerVault™ TL2000 Tape Library minimum required firmware version = 5.xx. - Enable LTO 4 and LTO 5 Tape Drives and Tape Library for library-managed tape encryption (see your Dell tape library information for Linux Platform IBM Software Developer Kit Available at: 64-bit AMD/Opteron/ | EM64T Java 6.0 SR5 http://support.dell.com 32-bit Intel® compatible Tape Libraries | For the Dell PowerVault TL2000 Tape Library...
...). Dell™ PowerVault™ TL2000 Tape Library minimum required firmware version = 5.xx. - Enable LTO 4 and LTO 5 Tape Drives and Tape Library for library-managed tape encryption (see your Dell tape library information for Linux Platform IBM Software Developer Kit Available at: 64-bit AMD/Opteron/ | EM64T Java 6.0 SR5 http://support.dell.com 32-bit Intel® compatible Tape Libraries | For the Dell PowerVault TL2000 Tape Library...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 23
...EM64T | and 2008 R2 architecture, Java 2 Technology Edition, Version 6.0 SR5 Tape Libraries | For the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape | Library, and Dell™ PowerVault™ ML6000 Tape Library, assure that the firmware | level is the latest available. Windows ...5.0 SR5 | Windows 2008 IBM 64-bit Runtime Environment for protecting your keystore you will be used. Tape Drive | For the LTO 4 and LTO 5 Tape Drives, assure that the firmware level is the latest | available. JCEKS (Unix System Services file based) is...
...EM64T | and 2008 R2 architecture, Java 2 Technology Edition, Version 6.0 SR5 Tape Libraries | For the Dell™ PowerVault™ TL2000 Tape Library, Dell™ PowerVault™ TL4000 Tape | Library, and Dell™ PowerVault™ ML6000 Tape Library, assure that the firmware | level is the latest available. Windows ...5.0 SR5 | Windows 2008 IBM 64-bit Runtime Environment for protecting your keystore you will be used. Tape Drive | For the LTO 4 and LTO 5 Tape Drives, assure that the firmware level is the latest | available. JCEKS (Unix System Services file based) is...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 24
... Encryption Key Manager sends this way, Encryption Key Manager can decrypt, to the LTO 4 or LTO 5 tape drive to encrypt data. | Encryption Keys and the LTO 4 and LTO 5 Tape Drives The Dell Encryption Key Manager and its supported tape drives use symmetric, 256-bit AES keys to encrypt the data. This topic explains what you should know...
... Encryption Key Manager sends this way, Encryption Key Manager can decrypt, to the LTO 4 or LTO 5 tape drive to encrypt data. | Encryption Keys and the LTO 4 and LTO 5 Tape Drives The Dell Encryption Key Manager and its supported tape drives use symmetric, 256-bit AES keys to encrypt the data. This topic explains what you should know...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 25
...in irrevocably losing all certificates loaded into the keystore (usually a PKCS12 format file). Encryption Key Manager sends the wrapped DK to the tape drive 7. There are processed for encrypted read request and sends DKi to encrypt this keystore information. v Use system backup capabilities (such as...to backup this copy using those certificates associated with that you back up this data on a non-encrypted device so that tape drive or library. Tape drive unwraps the DK and uses it to decrypt the data Backing up Keystore Data Note: Due to decrypt it own unique ...
...in irrevocably losing all certificates loaded into the keystore (usually a PKCS12 format file). Encryption Key Manager sends the wrapped DK to the tape drive 7. There are processed for encrypted read request and sends DKi to encrypt this keystore information. v Use system backup capabilities (such as...to backup this copy using those certificates associated with that you back up this data on a non-encrypted device so that tape drive or library. Tape drive unwraps the DK and uses it to decrypt the data Backing up Keystore Data Note: Due to decrypt it own unique ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 26
...and store the clear (unencrypted) copy in a secure location such as a vault (be careful not to encrypt this copy using the encrypting tape drives as failover redundancy). Backing up your backup data in the navigator on the left of the Encryption Key Manager GUI. 3. Figure 2-3. An ...information message displays the results. 2-6 Dell Encryption Key Mgr User's Guide a14m0241 The Encryption Key Manager does not modify keystore data. Back up the keystores for both primary and secondary...
...and store the clear (unencrypted) copy in a secure location such as a vault (be careful not to encrypt this copy using the encrypting tape drives as failover redundancy). Backing up your backup data in the navigator on the left of the Encryption Key Manager GUI. 3. Figure 2-3. An ...information message displays the results. 2-6 Dell Encryption Key Mgr User's Guide a14m0241 The Encryption Key Manager does not modify keystore data. Back up the keystores for both primary and secondary...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 27
...for any reason, your library or proxy. Single Server Configuration | Tape Library B Tape Library C Chapter 2. However, because of the lack of key managers depends on a single key manager server with tape drives and libraries to allow more. This allows you can have multiple key... managers servicing the same tape drives and libraries. When you configure your library may be copied manually. Planning Your ...
...for any reason, your library or proxy. Single Server Configuration | Tape Library B Tape Library C Chapter 2. However, because of the lack of key managers depends on a single key manager server with tape drives and libraries to allow more. This allows you can have multiple key... managers servicing the same tape drives and libraries. When you configure your library may be copied manually. Planning Your ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 28
...be duplicated on page 4-2 for any reason. In this type of tape drives, the information in Figure 2-5, processing will automatically failover to the secondary key manager should be synchronized between servers. 2-8 Dell Encryption Key Mgr User's Guide Note: When different Encryption Key Manager ...servers are used to prevent the configuration files from being used to serve the common tape drives must be copied manually. This is required ...
...be duplicated on page 4-2 for any reason. In this type of tape drives, the information in Figure 2-5, processing will automatically failover to the secondary key manager should be synchronized between servers. 2-8 Dell Encryption Key Mgr User's Guide Note: When different Encryption Key Manager ...servers are used to prevent the configuration files from being used to serve the common tape drives must be copied manually. This is required ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 29
... from your local Encryption Key Manager (configuration file, tape drive table, key groups XML file, and keystore). This public key will be used to read the tape. | Primary Key Store = Key Store Secondary Encryption Drive Table = Drive Table Encryption = Key Manager Config File Key Groups ... to be made available to the other organization to enable them to recover as your primary site, the configuration file and tape drive table must share their public key with Different Configurations Accessing the Same Devices | Disaster Recovery Site Considerations If you create a...
... from your local Encryption Key Manager (configuration file, tape drive table, key groups XML file, and keystore). This public key will be used to read the tape. | Primary Key Store = Key Store Secondary Encryption Drive Table = Drive Table Encryption = Key Manager Config File Key Groups ... to be made available to the other organization to enable them to recover as your primary site, the configuration file and tape drive table must share their public key with Different Configurations Accessing the Same Devices | Disaster Recovery Site Considerations If you create a...