Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 27
Multiple Key Managers for Redundancy, Encryption Key Manager Server Configurations - tape library manual
 |
View all Dell PowerVault TL4000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 27 highlights
Multiple Key Managers for Redundancy The Encryption Key Manager is designed to work with tape drives and libraries to allow redundancy, and thus high availability, so you can have multiple key managers servicing the same tape drives and libraries. Moreover, these key managers need not be on the same systems as the tape drives and libraries. The maximum number of key managers depends on your library or proxy. The only requirement is that they be available to the tape drives through TCP/IP connectivity. This allows you to have two Encryption Key Managers that are mirror images of each other with built-in backup of the critical information about your keystores, as well as a failover in the event one key manager becomes unavailable. When you configure your device (or proxy) you can point it to two key managers. If one key manager becomes unavailable for any reason, your device (or library) will simply use the alternate key manager. You also have the capability to keep the two Encryption Key Managers synchronized. It is critical that you take advantage of this important function when needed, both for its inherent backup of critical data and also for its failover capability to avoid any outages in your tape operations. Refer to "Synchronizing Data Between Two Key Manager Servers" on page 4-2. Note: Synchronization does not include keystores. They must be copied manually. Encryption Key Manager Server Configurations The Encryption Key Manager may be installed on a single-server or on multiple servers. The following examples show one- and two-key manager configurations but your library may allow more. Single-Server Configuration A single-server configuration, shown in Figure 2-4, is the simplest Encryption Key Manager configuration. However, because of the lack of redundancy it is not recommended. In this configuration, all tape drives rely on a single key manager server with no backup. Should the server go down, the keystore, configuration file, KeyGroups.xml file, and drive table would be unavailable, making any encrypted tape unreadable. In a single-server configuration you must ensure that backup copies of the keystore, configuration file, KeyGroups.xml file, and drive table are maintained in a safe place, separate from the Encryption Key Manager, so its function can be rebuilt on a replacement server if the server copies are lost. | Encryption Key Store Key Manager Drive Table Config File Key Groups a14m0256 Tape Library A | | Figure 2-4. Single Server Configuration | Tape Library B Tape Library C Chapter 2. Planning Your Encryption Key Manager Environment 2-7
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22 -
23 -
24 -
25 -
26 -
27 -
28 -
29 -
30 -
31 -
32 -
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
 |
 |
