Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 113
Appendix C. Frequently Asked Questions
Can some combination of application-based key management and library-managed encryption be used?
No. When application-managed encryption is used, the encryption is transparent at the library layers. Likewise, when library-managed encryption is used, the process is transparent at the other layers. Each method of encryption management is exclusive of the others. For library-managed encryption, the applications need not be changed in any way.

Must the Encryption Key Manager be installed and running on every system that might generate a request to encrypt or decrypt a tape?
With library-managed encryption, the system from which the tape drive write request originates need NOT be the system on which the Encryption Key Manager is running. Furthermore, an instance of Encryption Key Manager need NOT be running on every system from which an encrypting tape drive is accessed.

If I include the "drive.acceptUnknownDrives = True" parameter, should I still include the "config.drivetable.file.url = FILE:/filename" parameter in the configuration file?
config.drivetable.file.url must always be specified. It is where the drive information will be. If you set drive.acceptUnknownDrives = True you also should specify the drive.default.alias1 and drive.default.alias2 variables to the correct certificate alias/key label.

Is FILE:/filename the correct syntax for the config.drivetable.file.url property? FILE:///filename appears in the sample file, and FILE:../ in the description.
The examples are correct. This is a URL specification and is not what people normally expect for a directory structure specification.

Must I use forward or backward slashes when specifying fully-qualified paths in the KeyManagerConfig.properties file for an instance of Encryption Key Manager running on Windows?
Because KeyManagerConfig.properties is a Java properties file, only forward slashes are recognized in pathnames, even in Windows. If you use backslashes in the KeyManagerConfig.properties file, errors will occur.

Does the Encryption Key Manager perform any Certificate Revocation List (CRL) checking?
No, the Encryption Key Manager does not perform any CRL checking.

What happens when the certificate being used to encrypt the tapes expires? Will the Encryption Key Manager read previously encrypted tapes?
It does not matter to Encryption Key Manager if the certificate has expired. It will continue to honor these certificates and read previously encrypted tapes. However, the expired certificate must remain in the keystore in order for previously encrypted tapes to be read or appended.

Will the Encryption Key Manager require that a certificate be renamed on renewal?
The Encryption Key Manager is configured by default to honor new key requests with expired certificates. When the Encryption Key Manager is configured this way, certificate renewal is not required. If this function is disabled and this private key/certificate pair must still be used for new key
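
The configuration rules from the answers above (config.drivetable.file.url always present, both default aliases set when drive.acceptUnknownDrives = True, forward slashes only) can be checked before the Encryption Key Manager is started. The script below is an added example, not part of the Dell manual or the product; the sample paths and the alias names cert1/cert2 are constructed placeholders, and it assumes plain "key = value" lines.

```python
# Added example: lint KeyManagerConfig.properties text against the FAQ's rules.
# Simplification: reads plain "key = value" lines only (no continuations).

REQUIRED = "config.drivetable.file.url"
DEFAULT_ALIASES = ("drive.default.alias1", "drive.default.alias2")

def parse_properties(text):
    """Return {key: (raw_value, line_number)}, skipping blanks and comments."""
    props = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = (value.strip(), lineno)
    return props

def lint(text):
    """Return a list of findings; an empty list means the checks passed."""
    props = parse_properties(text)
    value_of = lambda key: props.get(key, ("", 0))[0]
    findings = []
    # java.util.Properties treats "\" as an escape character, so a backslash
    # in a path is consumed on load instead of acting as a separator.
    for key, (value, lineno) in props.items():
        if "\\" in value:
            findings.append(f"line {lineno}: {key} contains a backslash; use forward slashes")
    if not value_of(REQUIRED):
        findings.append(f"{REQUIRED} must always be specified")
    if value_of("drive.acceptUnknownDrives").lower() == "true":
        for alias in DEFAULT_ALIASES:
            if not value_of(alias):
                findings.append(f"drive.acceptUnknownDrives = True but {alias} is not set")
    return findings

# Constructed samples; the path and the alias names cert1/cert2 are placeholders.
BAD = r"""# Windows-style path, second default alias missing
drive.acceptUnknownDrives = True
config.drivetable.file.url = FILE:///C:\ekm\drivetable
drive.default.alias1 = cert1
"""
GOOD = """drive.acceptUnknownDrives = True
config.drivetable.file.url = FILE:///C:/ekm/drivetable
drive.default.alias1 = cert1
drive.default.alias2 = cert2
"""

if __name__ == "__main__":
    for name, sample in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, lint(sample) or "ok")
```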