Scalar I500 User's Guide - Quantum scalar i500 User Manual

Scalar i500 User's Guide

If you are using a secondary Q-EKM key server, then
Note:
the port numbers for both the primary and secondary
key servers must be set to the same value. If they are
not, synchronization and failover will not occur.
• SKM — The port number is always 6000. You cannot change
SKM port numbers.
• KMIP Key Manager — The port number must match the
configured port number on the KMIP key manager server. A
typical port number used for communication between the KMIP
key manager server and the library is port 9003.
9 Click .
Apply
You cannot edit the encryption system configuration
Note:
settings when any partition is enabled for library
managed encryption. If this happens, go to Setup >
Encryption > Partition Configuration, change all EKM
partition settings from Enable Library Managed to
Allow Application Managed. Then make your changes
to the system configuration settings. Finally, go back and
change all the EKM partition settings to Enable Library
Managed.
10 Ensure all ports corresponding to the EKM servers are open on your
firewall to allow the library to connect to the servers. For SKM, ports
80, 6000, and 6001 must be open.
Step 4: Installing TLS Certificates on the Library (SKM Only)
If you are running SKM or a KMIP key manager, Transport Layer
Security (TLS) communication certificates with valid dates must be
installed on the library in order for the library to communicate securely
with attached EKM servers.
If you are using Q-EKM, skip this step. No TLS certificates are
Note:
required.
Chapter 7 Encryption Key Management
Configuring Encryption Key Management on the Library
7
178