Quantum Scalar i40 Quick Start Manual

Scalar Key Manager 2.5
This quick start guide provides basic installation and configuration
instructions for the Scalar® Key Manager (SKM). SKM can be deployed in
one of two ways:
• a pair of physical appliances (servers) purchased from Quantum, or
• a pair of virtual machines (VMs) installed in a VMware® or KVM
environment.
Definition of terms: This guide uses the following terms to differentiate
between the two types of deployment:
• SKM appliance server - Physical key server purchased from
Quantum.
• SKM VM server - Virtual machine key server purchased from
Quantum and installed in a VMware or KVM environment.
• SKM server - Generic term applying to either an SKM appliance server
or an SKM VM server.
These instructions guide you through installing and configuring both
options. For more information, see the Scalar Key Manager User's Guide
located at
http://www.quantum.com/ServiceandSupport/SoftwareandDocumentationDownloads/SKM/Index.aspx.
(Scroll down and click the Documentation tab, and then locate the Product
Use Guides heading.)
Perform all of the steps, in order, before you begin encrypting tapes.
This instruction uses the following conventions:
Note: Notes emphasize important information related to the main topic.
Caution: Cautions indicate potential hazards to equipment and are
included to prevent damage to equipment.

Contents
Items Required for Setup ... 2
Servers ... 5
VMware Servers ... 9
VMware ... 9
VMware ... 11
VMware ... 11
Servers ... 17
KVM ... 17
KVM ... 21
Installation Process ... 25
provided TLS Certificates ... 27
Begin the Installation ... 28
Option ... 28
-d Option ... 31
Certificates ... 36
Scalar i500 Tape Libraries ... 38
Tape Library ... 40
Library ... 41
Backing Up the Servers ... 43

Summary of Contents for Quantum Scalar i40

  • Page 1: Table Of Contents

    one of two ways: • a pair of physical appliances (servers) purchased from Quantum, or • a pair of virtual machines (VMs) installed in a VMware® or KVM Contents: Equipment and Software Needed for KVM ... 17, Deploying the .raw Image on KVM ... 18, Configuring the SKM VM Servers on KVM ...
  • Page 2: Installing And Configuring The SKM Appliance Servers

    Do not install additional hardware on the servers. Never install any software, file, or operating system on the servers unless it is an upgrade or patch supplied by Quantum. Doing so can make your server inoperable and will void your warranty.
  • Page 3: Installing The SKM Appliance Servers

    • The SKM server must have IP connectivity through any firewalls to all Quantum libraries using the SKM appliance server to obtain encryption keys. • SKM uses TCP ports 80, 6000 and 6001 for SKM server communication. These ports must all be open on your network in a bi-directional mode in order for SKM communication between the SKM servers and libraries to work.
  • Page 4 [Figure 1: SKM Appliance Server] The rear of your server looks like one of the drawings below. [Rear Panel, M2 and earlier: Ethernet Port 2, Ethernet Port 1, Power cord (configuration)]
  • Page 5: Configuring The SKM Appliance Servers

    5 Power on the SKM appliance server by pressing the power button on the front of the server (see Figure 2). [Figure 2: Front Panel. M3 and earlier: Power-on LED, Power Button. M4 and later: Power Button and LED] 6 Again, observe the power-on LED on the front panel.
  • Page 6 1 Set the IP address of the laptop or PC you will use to connect to the SKM appliance server to 192.168.18.100. 2 Connect a CAT5e crossover Ethernet cable from the laptop or PC to Ethernet Port 1...
  • Page 7 SKM server IP address, netmask, and gateway. If you press <Enter> without entering a value, the existing value remains. Note: To ensure proper TLS certificate generation, Quantum recommends setting both the Primary and Secondary SKM servers to the same date, time and time zone even if they are in different time zones.
  • Page 8 Note: Ports are identified on the back of the server as Port 1 and Port 2, but when configuring SKM through the console the ports are referred to onscreen as Ports 0 and 1 respectively. (That is, labeled Port 1 = Port 0 in the console, and labeled Port 2 = Port 1 in the console.)
  • Page 9: Installing And Configuring The SKM VMware Servers

    Caution: It is recommended that the two SKM VM servers be installed in different physical locations to provide better protection in case of disaster. Caution: Quantum requires that you do not install any software, file, or operating system on the SKM VM server unless it is an upgrade or patch supplied by Quantum.
  • Page 10 (SFTP). Two such utilities are PuTTY, available at http://www.chiark.greenend.org.uk/~sgtatham/putty/ and WinSCP, available at http://winscp.net. • The SKM server must have IP connectivity through any firewalls to all Quantum libraries using the SKM appliance server to obtain encryption keys...
  • Page 11: Deploying The .ova Image On VMware

    • SKM uses TCP ports 80, 6000 and 6001 for SKM server communication. These ports must all be open on your network in a bi-directional mode in order for SKM communication between the SKM servers and libraries to work. Deploying the .ova Follow the instructions below for .
  • Page 12 Allow 30 minutes per server to complete the configuration. 1 Using vSphere Client, make sure the SKM VM server you just created is powered OFF (right-click the VM server, select Power, then select Power Off).
  • Page 13 [Figure 6: Video Card Settings] 5 Power ON the SKM VM server (right-click the SKM VM server in the left panel, select Power, then select Power On). 6 Highlight the SKM VM server in the left panel. 7 In the right panel, click the Console tab.
  • Page 14 If you forget the password, you will lose login access to the SKM server, including backup and restore capability. Quantum will NOT be able to restore the password. CAUTION! •...
  • Page 15 IP address, netmask, and gateway. If you press <Enter> without entering a value, the existing value remains. Note: To ensure proper TLS certificate generation, Quantum recommends setting both the Primary and Secondary SKM servers to the same date, time and time zone even if they are in different time zones.
  • Page 16 [Figure 8: SKM Admin Commands] 20 At the Command prompt, type and press <Enter> to quit, save your changes, and restart the SKM key server. This process takes a few seconds. Note: You MUST quit at this point. Otherwise your changes will not be saved and you will not be able to continue the installation process.
  • Page 17: Installing And Configuring The SKM KVM Servers

    Caution: It is recommended that the two SKM VM servers be installed in different physical locations to provide better protection in case of disaster. Caution: Quantum requires that you do not install any software, file, or operating system on the SKM VM server unless it is an upgrade or patch supplied by Quantum.
  • Page 18: Deploying The .raw Image On KVM

    Note: Requires SKM 2.4 (240Q) or later • The SKM server must have IP connectivity through any firewalls to all Quantum libraries using the SKM appliance server to obtain encryption keys. • SKM uses TCP ports 80, 6000 and 6001 for SKM server communication. These ports must all be open on your network in a bi-directional mode in order for SKM communication between the SKM servers and libraries to work.
  • Page 19 6 In the Name field, type the name of the new virtual machine. 7 Select Import existing disk image and click Forward. 8 Click Browse and navigate to the .raw file. 9 For OS type select Linux and for Version select Ubuntu [version] (Lucid Lynx). Click Forward.
  • Page 20 10 For Memory (RAM) select 1024 and for CPUs select 2. Click Forward. 11 For Advanced Options select the host device which corresponds with your virtual network interface...
  • Page 21: Configuring The SKM VM Servers On KVM

    12 Select Set a fixed MAC address and enter the MAC address provided on the installation CD. Ensure Virt Type is set to kvm and the Architecture is set to the default value. 13 Click Finish when done. A progress bar displays on the screen.
  • Page 22 Note: If you receive the following error message when trying to use the console, follow the workaround steps listed below. Error message: This kernel requires an x86-64 CPU, but only detected an xxxx CPU.
  • Page 23 IP address, netmask, and gateway. If you press <Enter> without entering a value, the existing value remains. Note: To ensure proper TLS certificate generation, Quantum recommends setting both the Primary and Secondary SKM servers to the same date, time and time zone even if they are in different time zones.
  • Page 24 Note: The default SKM VM server IP address is: 192.168.20.4. 14 When finished press <Enter>. A message lets you know there are no certificates loaded on the SKM server. 15 Press <Enter>.
  • Page 25: Installing TLS Certificates On The SKM Server For Pre-SKM 2.4 (240Q)

    TLS certificates are required on the SKM server. You can choose to use the Quantum-provided TLS certificates or install your own, as follows: • SKM appliance server: The SKM appliance server comes with Quantum-provided TLS certificates already installed.
  • Page 26 The Display/update TLS communication certificates menu displays. 9 Using SFTP, transfer the Quantum certificate bundle file or your own certificates to the /home/akmadmin/certs directory on the SKM server. Be sure to move the appropriate bundle; there is a primary bundle and a secondary bundle.
  • Page 27: Requirements For Installing User-Provided TLS Certificates

    Note: If you install your own TLS certificates on the SKM server, you must also install your own certificates on the library. Similarly, if you use the Quantum-provided TLS certificates on the SKM server, you must also use the Quantum-provided TLS certificates on the library. Some newer libraries come with Quantum-provided TLS certificates pre-installed, and other newer libraries require certificate installation.
  • Page 28: Installing TLS Certificates On The SKM

    • By executing the script using the “-d” option. Certificates are generated using a set of default values similar to the certificates currently provided by Quantum. • By executing the script without using the “-d” option. If the “-d” option is not used, information used to generate the certificates must be provided.
  • Page 29 The following illustration shows the default values (in brackets) used: 2 When prompted, enter and re-enter a password that will be used during the pk12 file generation. TLS certificate generation is completed using the default values. A message informs you when certificate generation is complete.
  • Page 30 • For the Scalar i40/i80, refer to “Importing Encryption Certificates” in the Scalar i40 and Scalar i80 User’s Guide • For the Scalar i2000/i6000, refer to “Step 3 — Installing TLS Communication Quantum Scalar i2000/i6000 User’s Guide...
  • Page 31: Executing The Script Without Using The -d Option

    Use the following procedure to generate certificates without using the -d option. This method requires you to enter certificate values. If desired, you can press Enter to accept the default value (displayed in brackets) for any item. 1 Once logged into an SKM server running version 2.4 (240Q) or greater, execute to begin entering the values used to generate certificates.
  • Page 32 4 At this time the only valid certificate digest is “SHA1”, so press Enter to accept the default value and continue. 5 Enter your two-character country identifier. 6 Enter your state or province name.
  • Page 33 8 Enter your company or organization name. 9 Enter your organizational unit or section name. 10 The next three entries are common names for the Tape libraries, SKM primary server and SKM secondary server. The names must be unique because these names will be used for the different sets of certificates.
  • Page 34 11 The last entry is optional: an email address that will be included with the certificate information. 12 When prompted, confirm that the displayed information is correct. • Enter y to confirm and begin the certificate-generation process.
  • Page 35 • For the Scalar i40/i80, refer to “Importing Encryption Certificates” in the Scalar i40 and Scalar i80 User’s Guide • For the Scalar i2000/i6000, refer to “Step 3 — Installing TLS Communication Quantum Scalar i2000/i6000 User’s Guide...
  • Page 36: Generating Quantum Bundles For Certificates

    -R command. generatedcerts/ After certificates are generated, follow this procedure to generate a set of Quantum bundles that can be loaded onto the library and SKM servers using the user interface. 1 Enter the command genSKMcerts -Q ... [Page footer: Installing TLS Certificates on the SKM Server for SKM 2.4 (240Q) or Later]
  • Page 37 2 Onscreen messages provide status as the Quantum certificate bundles are generated using the default values, so no user input is required. (The generated bundle files are saved at /home/akmadmin/generatedcerts/qbundles.) After bundle generation is complete, load the bundles listed on the screen onto the library and SKM servers using the user interface.
  • Page 38: Configuring Your Library For SKM

    Configuring the Scalar i3/i6 Tape Library on page 41. Configuring the Scalar i40/i80 and Scalar i500 Tape Libraries: Perform these steps, in order, on the Scalar i40/i80 and Scalar i500 libraries only. See the library user’s guide or online help for detailed instructions on how to complete each of these steps.
  • Page 39 4 Configure the SKM server IP addresses on the library. a From the library’s Web client, navigate to the encryption system configuration screen. b Enter the primary and secondary SKM server IP addresses or host names in the fields provided.
  • Page 40: Configuring The Scalar i2000/i6000 Tape Library

    TLS communication certificates are installed on the library. If you installed your own TLS certificates on the SKM servers, you must install your own TLS certificates on the library. If you used Quantum-supplied TLS certificates on the SKM servers, you must use Quantum-supplied certificates on the library.
  • Page 41: Configuring The Scalar i3/i6 Tape Library

    Refer to the i3 or i6 Documentation Center for detailed instructions on how to complete each of the following steps. • Scalar i3 Documentation Center: http://www.quantum.com/scalari3docs • Scalar i6 Documentation Center: http://www.quantum.com/scalari6docs 1 Install the Encryption Key Management (EKM) license on your library.
  • Page 42: Configuring Multiple Libraries

    Data encryption keys are generated. As soon as you apply the SKM server IP addresses, the library automatically triggers each SKM server to generate a set of unique data encryption keys. The key generation process should take 30 minutes or less to complete, depending on network performance.
  • Page 43: Backing Up The Servers

    If both servers are lost, and no backup exists, Quantum will be unable to restore any data from your encrypted media...
  • Page 44 ©2017 Quantum Corporation. All rights reserved. Quantum and the Quantum logo are registered trademarks of Quantum Corporation and its affiliates in the United States and/or other countries. All other trademarks are the property of their respective owners. Printed in USA.