Home » Dell Manuals » Storage Devices » Dell PowerVault TL2000 » Manual Viewer

Dell PowerVault TL2000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 48

Using CLI Commands to Define Key Groups, Submit Changes, createkeygroup, createkeygroup -password

View all Dell PowerVault TL2000 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 48 highlights

a14m0245 Figure 3-10. Delete Drive 3. Select the tape drive from the Drive List. 4. Verify the drive name at the bottom of the window and click Submit Changes. Using CLI Commands to Define Key Groups The Encryption Key Manager has a key group feature that allows you to group sets of keys. Once the Encryption Key Manager application is installed and configured (keystore and keys generated) and the Encryption Key Manager server is started, log in to into the server using the client and follow these steps: 1. Run the createkeygroup command. This command creates the initial key group object in the KeyGroups.xml file. Run this only once. Syntax: createkeygroup -password password -password The password that is used to encrypt the keystore's password in the KeyGroups.xml file for later retrieval. The keystore encrypts the key group's key, which in turn encrypts each individual key group alias password. Therefore no key in the KeyGroups.xml file is in the clear. Example: createkeygroup -password a75xynrd 2. Run the addkeygroup command. This command creates an instance of a key group with a unique Group ID in the KeyGroups.xml. 3-18 Dell Encryption Key Mgr User's Guide

Section	Page
Contents	3
Figures	5
Tables	7
Preface	9
About this Book	9
Who Should Read this Book	9
Conventions and Terminology Used in this Book	9
Attention Notice	9
Related Publications	10
Linux Information	10
Red Hat Information	10
SuSE Information	10
Microsoft Windows Information	10
Online Support	10
Read this First	11
Contacting Dell	11
Chapter 1. Tape Encryption Overview	13
Components	13
Managing Encryption	14
Application-Managed Tape Encryption	16
Library-Managed Tape Encryption	17
About Encryption Keys	17
Chapter 2. Planning Your Encryption Key Manager Environment	21
Encryption Setup Tasks at a Glance	21
Encryption Key Manager Setup Tasks	21
Planning for Library-Managed Tape Encryption	21
Hardware and Software Requirements	22
Linux Solution Components	22
Windows Solution Components	23
Keystore Considerations	23
The JCEKS Keystore	23
Encryption Keys and the LTO 4 and LTO 5 Tape Drives	24
Backing up Keystore Data	25
Multiple Key Managers for Redundancy	27
Encryption Key Manager Server Configurations	27
Single-Server Configuration	27
Two-Server Configurations	28
Disaster Recovery Site Considerations	29
Considerations for Sharing Encrypted Tapes Offsite	29
Federal Information Processing Standard 140-2 Considerations	30
Chapter 3. Installing the Encryption Key Manager and Keystores	31
Downloading the Latest Version Key Manager ISO Image	31
Installing the Encryption Key Manager on Linux	31
Installing the Encryption Key Manager on Windows	32
Using the GUI to Create a Configuration File, Keystore, and Certificates	35
Generating Keys and Aliases for Encryption on LTO 4 and LTO 5	39
Creating and Managing Key Groups	44
Chapter 4. Configuring the Encryption Key Manager	51
Using the GUI to Configure the Encryption Key Manager	51
Configuration Strategies	51
Automatically Update Tape Drive Table	51
Synchronizing Data Between Two Key Manager Servers	52
Configuration Basics	53
Chapter 5. Administering the Encryption Key Manager	57
Starting, Refreshing, and Stopping the Key Manager Server	57
The Command Line Interface Client	61
CLI Commands	63
Chapter 6. Problem Determination	71
Check These Important Files for Encryption Key Manager Server Problems	71
Debugging Communication Problems Between the CLI Client and the EKM Server	72
Debugging Key Manager Server Problems	72
Encryption Key Manager-Reported Errors	75
Messages	79
Config File not Specified	79
Failed to Add Drive	80
Failed to Archive the Log File	80
Failed to Delete the Configuration	80
Failed to Delete the Drive Entry	81
Failed to Import	81
Failed to Modify the Configuration	81
File Name Cannot be Null	81
File Size Limit Cannot be a Negative Number	82
No Data to be Synchronized	82
Invalid Input	82
Invalid SSL Port Number in Configuration File	83
Invalid TCP Port Number in Configuration File	83
Must Specify SSL Port Number in Configuration File	83
Must Specify TCP Port Number in Configuration File	84
Server Failed to Start	84
Sync Failed	84
The Specified Audit Log File is Read Only	85
Unable to Load the Admin Keystore	85
Unable to load the keystore	86
Unable to Load the Transport Keystore	86
Unsupported Action	86
Chapter 7. Audit Records	89
Audit Overview	89
Audit Configuration Parameters	89
Audit.event.types	89
Audit.event.outcome	90
Audit.eventQueue.max	90
Audit.handler.file.directory	90
Audit.handler.file.size	91
Audit.handler.file.name	91
Audit.handler.file.multithreads	92
Audit.handler.file.threadlifespan	92
Audit Record Format	92
Audit Points in the Encryption Key Manager	93
Audit Record Attributes	93
Audited Events	95
Chapter 8. Using Metadata	97
Appendix A. Sample Files	101
Sample startup daemon script	101
Linux Platforms	101
Sample Configuration Files	101
Appendix B. Encryption Key Manager Configuration Properties Files	103
Encryption Key Manager Server Configuration Properties File	103
CLI Client Configuration Properties File	111
Appendix C. Frequently Asked Questions	113
Notices	115
Trademarks	115
Glossary	117
Index	119
A	119
C	119
D	119
E	119
F	119
G	119
H	119
I	119
J	119
K	119
L	119
M	119
N	119
P	119
R	120
S	120
T	120
W	120