Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 17
Asymmetric, or public/private encryption, uses a pair of bits generated specifically to decrypt. The responsibility for generating AES keys and the manner in which they are the longest allowed by AES. The longer... to understand the difference between how the Encryption Key Manager uses encryption keys and how other key in : v Dell™ PowerVault™ TL2000 Tape Library v Dell™ PowerVault™ TL4000 Tape Library v Dell™ PowerVault™ ML6000 Tape Library See your tape backup software application documentation to learn how to encrypt, and the private...
Asymmetric, or public/private encryption, uses a pair of bits generated specifically to decrypt. The responsibility for generating AES keys and the manner in which they are the longest allowed by AES. The longer... to understand the difference between how the Encryption Key Manager uses encryption keys and how other key in : v Dell™ PowerVault™ TL2000 Tape Library v Dell™ PowerVault™ TL4000 Tape Library v Dell™ PowerVault™ ML6000 Tape Library See your tape backup software application documentation to learn how to encrypt, and the private...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 24
...selected alias is associated with aliases from your keystore. The selected alias is also converted to encrypt the data. Lacking a specific alias for a tape drive. The adddrive and moddrive topics in the symmetricKeySet configuration property. Encryption Key Manager sends this way,... alias DK 1 Config File 4 2 Key store Drive Table | Figure 2-1. | Encryption Keys and the LTO 4 and LTO 5 Tape Drives The Dell Encryption Key Manager and its supported tape drives use symmetric, 256-bit AES keys to encrypt tape 2. See "Generating Keys and Aliases for Encryption | ...
...selected alias is associated with aliases from your keystore. The selected alias is also converted to encrypt the data. Lacking a specific alias for a tape drive. The adddrive and moddrive topics in the symmetricKeySet configuration property. Encryption Key Manager sends this way,... alias DK 1 Config File 4 2 Key store Drive Table | Figure 2-1. | Encryption Keys and the LTO 4 and LTO 5 Tape Drives The Dell Encryption Key Manager and its supported tape drives use symmetric, 256-bit AES keys to encrypt tape 2. See "Generating Keys and Aliases for Encryption | ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 28
...automatically failover to the keystore(s) being overwritten. Refer to "Synchronizing Data Between Two Key Manager Servers" on the other using methods specific to the secondary key manager should the primary be inaccessible for more information. | Primary Key Store Encryption Drive Table Key Manager Config...automatically using the sync command, but updates to the secondary key manager should be synchronized between servers. 2-8 Dell Encryption Key Mgr User's Guide Two-Server Configurations A two-server configuration is essential that the two key manager servers be synchronized....
...automatically failover to the keystore(s) being overwritten. Refer to "Synchronizing Data Between Two Key Manager Servers" on the other using methods specific to the secondary key manager should the primary be inaccessible for more information. | Primary Key Store Encryption Drive Table Key Manager Config...automatically using the sync command, but updates to the secondary key manager should be synchronized between servers. 2-8 Dell Encryption Key Mgr User's Guide Two-Server Configurations A two-server configuration is essential that the two key manager servers be synchronized....
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 30
... cryptographic capabilities itself and therefore does not require, nor is it will then be FIPS 140 certified. See the documentation from specific hardware and software cryptographic providers for all its cryptographic providers to obtain, FIPS 140-2 certification. When the other organization imports the... corresponding private key (see "Importing Data Keys Using Keytool -importseckey " on whether their products are FIPS 140-2 certified. 2-10 Dell Encryption Key Mgr User's Guide This standard has also been adopted in the Configuration Properties file, you make the Encryption Key Manager ...
... cryptographic capabilities itself and therefore does not require, nor is it will then be FIPS 140 certified. See the documentation from specific hardware and software cryptographic providers for all its cryptographic providers to obtain, FIPS 140-2 certification. When the other organization imports the... corresponding private key (see "Importing Data Keys Using Keytool -importseckey " on whether their products are FIPS 140-2 certified. 2-10 Dell Encryption Key Mgr User's Guide This standard has also been adopted in the Configuration Properties file, you make the Encryption Key Manager ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 44
... symmetric | keys for managing key groups. Then verify the backup path and click OK. To create a key group and populate it with a specific tape drive using the following message may appear in parsing the empty KeyGroups.xml file and it does not prevent the Encryption Key Manager Server...Key groups are creating the configuration file manually, the location of file. Open the GUI if it is created, you are built using the Dell Encryption Key Manager Server GUI or using the -symrec keyword in the configuration properties file as follows: config.keygroup.xml.file = FILE:KeyGroups.xml...
... symmetric | keys for managing key groups. Then verify the backup path and click OK. To create a key group and populate it with a specific tape drive using the following message may appear in parsing the empty KeyGroups.xml file and it does not prevent the Encryption Key Manager Server...Key groups are creating the configuration file manually, the location of file. Open the GUI if it is created, you are built using the Dell Encryption Key Manager Server GUI or using the -symrec keyword in the configuration properties file as follows: config.keygroup.xml.file = FILE:KeyGroups.xml...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 46
Select Administration Commands in the navigator on page 3-17). 3-16 Dell Encryption Key Mgr User's Guide Verify the current and new default key groups at the right. 4. Click Assign Group to a specific tape drive: 1. a14m0244 Figure 3-8. Change Default Write Key Group 3. To assign a specific key group to Drive at the bottom of the window (Figure 3-9 on the left of the window and click Submit Changes. Select the new default key group from the Group List at the bottom of the GUI. 2.
Select Administration Commands in the navigator on page 3-17). 3-16 Dell Encryption Key Mgr User's Guide Verify the current and new default key groups at the right. 4. Click Assign Group to a specific tape drive: 1. a14m0244 Figure 3-8. Change Default Write Key Group 3. To assign a specific key group to Drive at the bottom of the window (Figure 3-9 on the left of the window and click Submit Changes. Select the new default key group from the Group List at the bottom of the GUI. 2.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 49
.... -symrec Specifies an alias (of the key group you can only add one key at time. Run the moddrive command to associate a key group with a specific key group. This command allows you to add a drive and associate it with a new or existing tape drive. This command creates a new alias for an... to the GroupID of the symmetric key) or a groupID for the key. Run the addkeygroupalias command. Run the adddrive command to add a tape drive to a specific key group ID.
.... -symrec Specifies an alias (of the key group you can only add one key at time. Run the moddrive command to associate a key group with a specific key group. This command allows you to add a drive and associate it with a new or existing tape drive. This command creates a new alias for an... to the GroupID of the symmetric key) or a groupID for the key. Run the addkeygroupalias command. Run the adddrive command to add a tape drive to a specific key group ID.
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 50
... which the alias is to be added. Copying Keys From One Key Group to a new (target) key group. This command copies a specific alias from an existing (source) key group to Another Run addaliastogroup command. If not, the Encryption Key Manager Server will not start. Syntax...Manager tracks key usage within the specified key group. The GroupID must match an existing key group ID in both key groups. 3-20 Dell Encryption Key Mgr User's Guide Example: addaliastogroup -aliasID aliasname -sourceGroupID keygroup1 -targetGroupID keygroup2 Note: Key is to be added. -sourceGroupID ...
... which the alias is to be added. Copying Keys From One Key Group to a new (target) key group. This command copies a specific alias from an existing (source) key group to Another Run addaliastogroup command. If not, the Encryption Key Manager Server will not start. Syntax...Manager tracks key usage within the specified key group. The GroupID must match an existing key group ID in both key groups. 3-20 Dell Encryption Key Mgr User's Guide Example: addaliastogroup -aliasID aliasname -sourceGroupID keygroup1 -targetGroupID keygroup2 Note: Key is to be added. -sourceGroupID ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 63
... to the key manager server, create a file containing the commands you wish to enter a command after ten minutes. Administering the Encryption Key Manager 5-7 addaliastogroup Copy a specific alias from any CLI commands. This is required to issue, for the Encryption Key Manager server-client socket, modify theTransportListener.ssl.timeout property in the...
... to the key manager server, create a file containing the commands you wish to enter a command after ten minutes. Administering the Encryption Key Manager 5-7 addaliastogroup Copy a specific alias from any CLI commands. This is required to issue, for the Encryption Key Manager server-client socket, modify theTransportListener.ssl.timeout property in the...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 64
... -drivename 000123456789 -rec1 alias1 -rec2 alias2 addkeygroup Create an instance of the symmetric key) or a key group name for addition to a specific key group ID. addkeygroupalias -alias aliasname -groupID groupname 5-8 Dell Encryption Key Mgr User's Guide See "Encryption Keys and the LTO 4 and LTO 5 Tape Drives" on page 4-1 to learn how to...
... -drivename 000123456789 -rec1 alias1 -rec2 alias2 addkeygroup Create an instance of the symmetric key) or a key group name for addition to a specific key group ID. addkeygroupalias -alias aliasname -groupID groupname 5-8 Dell Encryption Key Mgr User's Guide See "Encryption Keys and the LTO 4 and LTO 5 Tape Drives" on page 4-1 to learn how to...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 67
...server configuration properties in drive table. listdrives [-drivename drivename ] Chapter 5. listcerts [-alias alias -verbose |-v] -alias alias specifies a specific certificate to list. -verbose|-v Display more information about the certificate(s). listconfig listdrives List drives in memory, reflecting the current contents of ...-key List all available data for the mycert alias if it exists in the specified keystore. -alias alias specifies a specific certificate to be taken. Example: import -merge -drivetab -url FILE:///keymanager/data/export.table list List certificates contained in...
...server configuration properties in drive table. listdrives [-drivename drivename ] Chapter 5. listcerts [-alias alias -verbose |-v] -alias alias specifies a specific certificate to list. -verbose|-v Display more information about the certificate(s). listconfig listdrives List drives in memory, reflecting the current contents of ...-key List all available data for the mycert alias if it exists in the specified keystore. -alias alias specifies a specific certificate to be taken. Example: import -merge -drivetab -url FILE:///keymanager/data/export.table list List certificates contained in...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 90
... Audit.eventQueue.max=8 Audit.handler.file.directory Syntax Audit.handler.file.directory=directoryName 7-2 Dell Encryption Key Mgr User's Guide Examples An example specification for events to be held in the Encryption Key Manager are changed Examples An example specification for this configuration value is: Audit.event.outcome=failure To enable both should be...
... Audit.eventQueue.max=8 Audit.handler.file.directory Syntax Audit.handler.file.directory=directoryName 7-2 Dell Encryption Key Mgr User's Guide Examples An example specification for events to be held in the Encryption Key Manager are changed Examples An example specification for this configuration value is: Audit.event.outcome=failure To enable both should be...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 92
...order to write an audit log entry. All audit records contain some common information including timestamp and record type, along with information specific to the audit event which is used to write the event data to the audit log, allowing the current thread of the .... Subsequent lines associated with the first line of execution (operation) to continue without waiting for a single audit record contains a closing right 7-4 Dell Encryption Key Mgr User's Guide Audit.handler.file.multithreads Syntax Audit.handler.file.multithreads={yes|true|no|false} Usage If specified as true, then...
...order to write an audit log entry. All audit records contain some common information including timestamp and record type, along with information specific to the audit event which is used to write the event data to the audit log, allowing the current thread of the .... Subsequent lines associated with the first line of execution (operation) to continue without waiting for a single audit record contains a closing right 7-4 Dell Encryption Key Mgr User's Guide Audit.handler.file.multithreads Syntax Audit.handler.file.multithreads={yes|true|no|false} Usage If specified as true, then...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 103
... Socket Layer client operations such as a Java.util.Properties load file, which imposes certain restrictions on the format and specification of properties in the Encryption Key Manager server configuration file (KeyManagerConfig.properties). Encryption Key Manager Configuration Properties Files The Encryption... Security (TLS) and Secure Sockets Layer (SSL) use a "#" in the file does not matter. v Accidental whitespace at http://support.dell.com in the file. Required Optional. v Keystore passwords must not be interpreted as passwords, that the Secure Sockets client presents to be...
... Socket Layer client operations such as a Java.util.Properties load file, which imposes certain restrictions on the format and specification of properties in the Encryption Key Manager server configuration file (KeyManagerConfig.properties). Encryption Key Manager Configuration Properties Files The Encryption... Security (TLS) and Secure Sockets Layer (SSL) use a "#" in the file does not matter. v Accidental whitespace at http://support.dell.com in the file. Required Optional. v Keystore passwords must not be interpreted as passwords, that the Secure Sockets client presents to be...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 108
....keystore.file in the Key Groups XML is tracked and a random selection for the next key is used for keyAlias or keyAliasRange. B-6 Dell Encryption Key Mgr User's Guide After the installation is returned. A readme file included on one GroupID is specified, a KeyManagerException is running,...the KeyGroups.xml for the list of symmetric keys.Each specification of keyAliasList contains either a value for LTO 4 | and LTO 5 tape drives. | Required Optional. Must be specified on your Dell product media and available at http://support.dell.com provides more values for a name or alias ...
....keystore.file in the Key Groups XML is tracked and a random selection for the next key is used for keyAlias or keyAliasRange. B-6 Dell Encryption Key Mgr User's Guide After the installation is returned. A readme file included on one GroupID is specified, a KeyManagerException is running,...the KeyGroups.xml for the list of symmetric keys.Each specification of keyAliasList contains either a value for LTO 4 | and LTO 5 tape drives. | Required Optional. Must be specified on your Dell product media and available at http://support.dell.com provides more values for a name or alias ...
Dell PowerVault ML6000 Encryption Key Manager User's Guide
Page 113
... from which the Encryption Key Manager is running on which an encrypting tape drive is not what people normally expect for a directory structure specification Must I still include the ″config.drivetable.file.url = FILE:/filename″ parameter in Windows. Is FILE:/filename the correct syntax... for new key C-1 This is a URL specification and is accessed. If you also should I use back slashes in the description. When the Encryption Key Manager is configured this way certificate...
... from which the Encryption Key Manager is running on which an encrypting tape drive is not what people normally expect for a directory structure specification Must I still include the ″config.drivetable.file.url = FILE:/filename″ parameter in Windows. Is FILE:/filename the correct syntax... for new key C-1 This is a URL specification and is accessed. If you also should I use back slashes in the description. When the Encryption Key Manager is configured this way certificate...
Dell PowerVault TL2000/TL4000 - Important Information
Page 8
... (located in order to recover from the backup in the Dell PowerVault Encryption Key Manager Quick Start Guide. For instructions on running Key path diagnostics, see the Dell PowerVault TL2000/TL4000 User's Guide on the Dell Support website at support.dell.com. 8 Important Information The following the instruction in the ...the library cannot access the EKM server. To set up a redundant EKM server: a Select a second server to power cycle the specific drive that the EKM server be the same as the original EKM. When the IP address of keys, keystore name, and keystore password...
... (located in order to recover from the backup in the Dell PowerVault Encryption Key Manager Quick Start Guide. For instructions on running Key path diagnostics, see the Dell PowerVault TL2000/TL4000 User's Guide on the Dell Support website at support.dell.com. 8 Important Information The following the instruction in the ...the library cannot access the EKM server. To set up a redundant EKM server: a Select a second server to power cycle the specific drive that the EKM server be the same as the original EKM. When the IP address of keys, keystore name, and keystore password...
Dell Model TL2000/TL4000 Tape Library- User's Guide
Page 7
...Data Transfer Rate 1-8 Ultrium Tape Drives 1-8 Speed Matching 1-10 Channel Calibration 1-10 Power Management 1-10 Media 1-10 Library Specifications 1-11 Product Environment 1-13 Supported Device Drivers 1-13 Chapter 2. xiii Danger Notice xiii Caution Notice xiii Laser Safety and ...Desktop Installation ONLY 4-3 Removing and Storing the Shipping Lock . . . 4-4 Rackmounting the Library (for Common Library Features iii Contacting Dell iii Figures vii Tables xi Safety and Environmental Notices . . Operations 5-1 Operator Control Panel Navigation 5-7 Operator Control Panel Menu Tree...
...Data Transfer Rate 1-8 Ultrium Tape Drives 1-8 Speed Matching 1-10 Channel Calibration 1-10 Power Management 1-10 Media 1-10 Library Specifications 1-11 Product Environment 1-13 Supported Device Drivers 1-13 Chapter 2. xiii Danger Notice xiii Caution Notice xiii Laser Safety and ...Desktop Installation ONLY 4-3 Removing and Storing the Shipping Lock . . . 4-4 Rackmounting the Library (for Common Library Features iii Contacting Dell iii Figures vii Tables xi Safety and Environmental Notices . . Operations 5-1 Operator Control Panel Navigation 5-7 Operator Control Panel Menu Tree...
Dell Model TL2000/TL4000 Tape Library- User's Guide
Page 8
...10. SCSI Element Types, SCSI Addresses, and Physical Configurations A-1 2U Library I -1 Index X-1 vi Dell PowerVault TL2000 Tape Library and TL4000 Tape Library User's Guide A-1 4U Library I/O Slots, Storage Slots, and Drive Slots Element Addresses and... Proper Packaging 6-7 Provide Proper Acclimation and Environmental Conditions 6-8 Perform a Thorough Inspection 6-8 Handle the Cartridge Carefully 6-9 Environmental and Shipping Specifications for Tape Cartridges 6-9 Chapter 7. Using Ultrium Media . . . . 6-1 Data Cartridges 6-1 Cartridge Compatibility 6-2 WORM (Write Once...
...10. SCSI Element Types, SCSI Addresses, and Physical Configurations A-1 2U Library I -1 Index X-1 vi Dell PowerVault TL2000 Tape Library and TL4000 Tape Library User's Guide A-1 4U Library I/O Slots, Storage Slots, and Drive Slots Element Addresses and... Proper Packaging 6-7 Provide Proper Acclimation and Environmental Conditions 6-8 Perform a Thorough Inspection 6-8 Handle the Cartridge Carefully 6-9 Environmental and Shipping Specifications for Tape Cartridges 6-9 Chapter 7. Using Ultrium Media . . . . 6-1 Data Cartridges 6-1 Cartridge Compatibility 6-2 WORM (Write Once...
Dell Model TL2000/TL4000 Tape Library- User's Guide
Page 13
...storage capacity and data transfer rate 1-8 Physical Specifications 1-11 Power Specifications 1-11 Operation Specifications: Ultrium 5 1-11 Operation Specifications: Ultrium 4 1-11 Operation Specifications: Ultrium 3 1-12 Environmental Specifications . . . . . 1-12 Host ... 5-35 Library Status page elements . . . . . 5-37 Drive Status page elements 5-38 Configure Library: General page elements 5-44 Configure Library: Specific page elements 5-44 5-12. 6-1. 6-2. 6-3. 6-4. 6-5. 7-1. 7-2. 8-1. 8-2. 8-3. 10-1. A-2. A-2 TapeAlert Flags Supported by the Ultrium Tape Drive...
...storage capacity and data transfer rate 1-8 Physical Specifications 1-11 Power Specifications 1-11 Operation Specifications: Ultrium 5 1-11 Operation Specifications: Ultrium 4 1-11 Operation Specifications: Ultrium 3 1-12 Environmental Specifications . . . . . 1-12 Host ... 5-35 Library Status page elements . . . . . 5-37 Drive Status page elements 5-38 Configure Library: General page elements 5-44 Configure Library: Specific page elements 5-44 5-12. 6-1. 6-2. 6-3. 6-4. 6-5. 7-1. 7-2. 8-1. 8-2. 8-3. 10-1. A-2. A-2 TapeAlert Flags Supported by the Ultrium Tape Drive...