Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager Quick
Dell PowerVault TL4000 Manual
View all Dell PowerVault TL4000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerVault TL4000 manual content summary:
- Dell PowerVault TL4000 | Dell PowerVault ML6000 Encryption Key Manager
Quick - Page 1
4 and LTO Ultrium 5 This guide gets you started with a basic configuration for encryption on LTO Gen 4 and LTO Gen 5 tape drives. Visit http://support.dell.com to download the latest library and drive firmware prior to installing and configuring the Dell PowerVault Encryption Key Manager to ensure - Dell PowerVault TL4000 | Dell PowerVault ML6000 Encryption Key Manager
Quick - Page 2
. The passwords are obfuscated to eliminate any security exposure. Changing the keystore password requires that the password on every key in that keystore be changed individually using the keytool command. See "Changing Keystore Passwords" in the Dell Encryption Key Manager User's Guide. 2 a14m0247 - Dell PowerVault TL4000 | Dell PowerVault ML6000 Encryption Key Manager
Quick - Page 3
2. EKM Server Certificate Configuration Page Note: Interrupting the Encryption Key Manager GUI during key generation requires an Encryption Key Manager re-install. Keystore file corruption will occur if your stop the Encryption Key Manager key generation process before it is complete. To recover - Dell PowerVault TL4000 | Dell PowerVault ML6000 Encryption Key Manager
Quick - Page 4
is to be saved. Click Backup. Figure 3. Backup Critical Files Window 5. The User Login page displays. Enter the default user name EKMAdmin and the default password changeME. Click Login. Figure 4. User Login Page The Dell Encryption Key Manager server is launched in the background. 6. Select Server - Dell PowerVault TL4000 | Dell PowerVault ML6000 Encryption Key Manager
Quick - Page 5
is installed in Dell Encryption Key Manager User's Guide for more information. c. Login to a CLI client on the Encryption Key Manager server using the following command: login -ekmuser userID -ekmpassword password where userID = EKMAdmin and password = changeME (This is the default Password - Dell PowerVault TL4000 | Dell PowerVault ML6000 Encryption Key Manager
Quick - Page 6
? [Unknown]: TX What is the two-letter country code for this unit? [Unknown]: US Is CN=ekmcert, OU=EKM, O=Dell, L=Austin, ST=TX, C=US correct?(type "yes or different password. This will cause the key password to be the same as the keystore password. Please note the keystore password entered here as - Dell PowerVault TL4000 | Dell PowerVault ML6000 Encryption Key Manager
Quick - Page 7
media provided with your product, for CLI command information. For More Information See the following publications for more information. v Dell Encryption Key Manager User's Guide (included on your Dell Encryption Key Manager CD and available at http://support.dell.com). v The Library Managed
Dell
™
PowerVault
™
Encryption Key Manager
Quick Start Guide for LTO Ultrium 4 and LTO Ultrium 5
This guide gets you started with a
basic configuration
for encryption on LTO Gen 4 and LTO Gen 5 tape
drives. Visit
to download the latest library and drive firmware prior to installing
and configuring the Dell PowerVault Encryption Key Manager to ensure that there are no issues.
The Dell PowerVault Encryption Key Manager (referred to as the Encryption Key Manager from this
point forward) is a Java
™
software program that assists encryption-enabled tape drives in generating,
protecting, storing, and maintaining encryption keys. These keys are used to encrypt information being
written to, and decrypt information being read from, LTO tape media. The Encryption Key Manager
operates on Linux
®
and Windows
®
, and is designed to be a shared resource deployed in several locations
within an enterprise.
This document shows how quickly you can install and set up the Encryption Key Manager using the
graphical user interface (GUI) or using commands. This document shows how to use the JCEKS keystore
type because the JCEKS keystore type is the easiest and most transportable of the keystores supported. If
you want more information about a particular step or another supported keystore type, see the
Dell
Encryption Key Manager User's Guide
, which can be found at:
or on the Dell
Encryption Key Manager media provided with your product.
Note:
IMPORTANT Encryption Key Manager HOST SERVER CONFIGURATION INFORMATION: It is
recommended that machines hosting the Dell Encryption Key Manager program use ECC memory
in order to minimize the risk of data loss. The Encryption Key Manager performs the function of
requesting the generation of encryption keys and passing those keys to the LTO-4 and LTO-5 tape
drives. The key material, in wrapped (encrypted form) resides in system memory during
processing by the Encryption Key Manager. Note that the key material must be transferred without
error to the appropriate tape drive so that data written on a cartridge may be recovered
(decrypted). If for some reason key material is corrupted due to a bit error in system memory, and
that key material is used to write data to a cartridge, then the data written to that cartridge will
not be recoverable (i.e. decrypted at a later date). There are safeguards in place to make sure that
such data errors do not occur. However, if the machine hosting the Encryption Key Manager is not
using Error Correction Code (ECC) memory there remains a possibility that the key material may
become corrupted while in system memory and the corruption could then cause data loss. The
chance of this occurrence is small, but it is always recommended that machines hosting critical
applications (like the Encryption Key Manager) use ECC memory.
Do This First: Install Encryption Key Manager Software
1.
Insert your Dell Encryption Key Manager CD. If installation does not start automatically in Windows,
navigate to the CD and double click on Install_Windows.bat.
For Linux, installation does not start automatically. Go to the CD root directory and enter
Install_Linux.sh
.
An end user license agreement is displayed. You must acknowledge this license agreement in order
for installation to continue.
The installation copies all contents (documentation, GUI files, and configuration property files)
appropriate to your operating system from the CD to your hard drive. During installation, your
system is checked for the correct IBM Java Runtime Environment. If not found, it is automatically
installed.
When installation is complete, the Graphical User Interface (GUI) is started.