Chapter 2. Planning Your Encryption Key Manager Environment; Encryption Setup Tasks At A Glance; Encryption Key Manager Setup Tasks; Planning For Library-Managed Tape Encryption - Dell PowerVault ML6000 User Manual
Dell powervault ml6000 encryption key manager user's guide
Hide thumbs
Also See for PowerVault ML6000:
- Maintenance manual (494 pages) ,
- Reference manual (156 pages) ,
- Getting started manual (134 pages)
Table of Contents
Advertisement
Chapter 2. Planning Your Encryption Key Manager
Environment
Encryption Setup Tasks at a Glance
Encryption Key Manager Setup Tasks
|
Planning for Library-Managed Tape Encryption
|
This section is intended to provide information to allow you to determine the best
Encryption Key Manager configuration for your needs. Many factors must be
considered when you are planning how to set up your encryption strategy.
Before you can use the encryption capability of the tape drive, certain software and
hardware requirements must be met. The following checklists are intended to help
you meet these requirements.
Before you can encrypt tapes, the Encryption Key Manager must first be
configured and running so that it can communicate with the encrypting tape
drives. The Encryption Key Manager need not be running while tape drives are
being installed, but it must be running in order to perform encryption.
v Decide what system platform(s) to use as Encryption Key Manager server(s).
v Upgrade server operating system if necessary. (See "Hardware and Software
Requirements" on page 2-2.)
v Install Java Unrestricted Policy Files. (See "Hardware and Software
Requirements" on page 2-2.)
v Upgrade the Encryption Key Manager JAR. (See "Downloading the Latest
Version Key Manager ISO Image" on page 3-1.)
v Create keys, certificates, and key groups.
"Using the GUI to Create a Configuration File, Keystore, and Certificates" on
page 3-5
"Creating and Managing Key Groups" on page 3-14
v These steps are not required if you follow the procedure in "Using the GUI to
Create a Configuration File, Keystore, and Certificates" on page 3-5, unless you
wish to take advantage of additional configuration options:
– If necessary, import keys and certificates. (See "Importing Data Keys Using
Keytool -importseckey " on page 3-12.)
– Define the configuration properties file. (See Chapter 4, "Configuring the
Encryption Key Manager," on page 4-1.)
– Define tape drives to the Encryption Key Manager or set
drive.acceptUnknownDrives configuration property value on. (See
"adddrive" on page 5-8 to define drives explicitly, or see "Automatically
Update Tape Drive Table" on page 4-1.)
– Start the Encryption Key Manager server. (See "Starting, Refreshing, and
Stopping the Key Manager Server" on page 5-1.)
– Start the command line interface client. (See "The Command Line Interface
Client" on page 5-5.)
In order to perform encryption, you require:
v Encryption-capable LTO 4 and LTO 5 Tape Drive(s)
2-1
Advertisement
Table of Contents
