Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 3

Contents Figures v Tables vii Generating Keys and Aliases for Encryption on | LTO 4 and LTO 5 3-9 Creating and Managing Key Groups . . . . . 3-14 Preface ix About this Book ix Who Should Read this Book ix Conventions and Terminology Used in this Book ix Attention Notice ix Related Publications x Linux Information x Microsoft Windows Information x Online Support x Chapter 4. Configuring the Encryption Key Manager 4-1 Using the GUI to Configure the Encryption Key Manager 4-1 Configuration Strategies 4-1 Automatically Update Tape Drive Table. . . . 4-1 Synchronizing Data Between Two Key Manager Servers 4-2 Configuration Basics 4-3 Read this First xi Contacting Dell xi Chapter 1. Tape Encryption Overview Components Managing Encryption Application-Managed Tape Encryption . . . Library-Managed Tape Encryption . . . . About Encryption Keys 1-1 . 1-1 . 1-2 . 1-4 . 1-5 . 1-5 Chapter 2. Planning Your Encryption Key Manager Environment 2-1 Encryption Setup Tasks at a Glance 2-1 Encryption Key Manager Setup Tasks . . . . 2-1 Planning for Library-Managed Tape Encryption 2-1 Hardware and Software Requirements . . . . . 2-2 Linux Solution Components 2-2 Windows Solution Components 2-3 Keystore Considerations 2-3 The JCEKS Keystore 2-3 | Encryption Keys and the LTO 4 and LTO 5 Tape Drives 2-4 Backing up Keystore Data 2-5 Multiple Key Managers for Redundancy . . . 2-7 Encryption Key Manager Server Configurations 2-7 Disaster Recovery Site Considerations . . . . . 2-9 Considerations for Sharing Encrypted Tapes Offsite 2-9 Federal Information Processing Standard 140-2 Considerations 2-10 Chapter 3. Installing the Encryption Key Manager and Keystores . . . . . 3-1 | Downloading the Latest Version Key Manager ISO | Image 3-1 Installing the Encryption Key Manager on Linux 3-1 Installing the Encryption Key Manager on Windows 3-2 Using the GUI to Create a Configuration File, Keystore, and Certificates 3-5 Chapter 5. Administering the Encryption Key Manager 5-1 Starting, Refreshing, and Stopping the Key Manager Server 5-1 The Command Line Interface Client 5-5 CLI Commands 5-7 Chapter 6. Problem Determination . . 6-1 Check These Important Files for Encryption Key Manager Server Problems 6-1 Debugging Communication Problems Between the CLI Client and the EKM Server 6-2 Debugging Key Manager Server Problems . . . . 6-2 Encryption Key Manager-Reported Errors . . . . 6-5 Messages 6-9 Config File not Specified 6-9 Failed to Add Drive 6-10 Failed to Archive the Log File 6-10 Failed to Delete the Configuration . . . . . 6-10 Failed to Delete the Drive Entry 6-11 Failed to Import 6-11 Failed to Modify the Configuration . . . . . 6-11 File Name Cannot be Null 6-11 File Size Limit Cannot be a Negative Number 6-12 No Data to be Synchronized 6-12 Invalid Input 6-12 Invalid SSL Port Number in Configuration File 6-13 Invalid TCP Port Number in Configuration File 6-13 Must Specify SSL Port Number in Configuration File 6-13 Must Specify TCP Port Number in Configuration File 6-14 Server Failed to Start 6-14 Sync Failed 6-14 The Specified Audit Log File is Read Only . . 6-15 Unable to Load the Admin Keystore . . . . 6-15 Unable to load the keystore 6-16 Unable to Load the Transport Keystore . . . 6-16 Unsupported Action 6-16 iii