Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 53
Configuration Basics, Automatic Synchronization
View all Dell PowerVault TL4000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 53 highlights
Automatic Synchronization The drive table and properties file can be sent from a primary key manager server to a secondary server automatically. The secondary server must be running for synchronization of the data to occur. To automatically synchronize the data from the primary to the secondary, the following four properties in the primary server KeyManagerConfig.properties file must be specified. There are no changes required to the secondary or receiving server properties file. sync.ipaddress Specifies the address and ssl port of the receiving server, for example, sync.ipaddress = backupekm.server.ibm.com:1443 If this property is unspecified or specified incorrectly, automatic synchronization is disabled. sync.action Merge or rewrite the existing data in the receiving server Valid values are merge (default) and rewrite. Synchronizing the configuration properties always results in a rewrite. sync.timeinhours How often the data should be sent. The value is specified in whole numbers (hours). The time interval begins when the server is started, that is, the synchronization will occur after the server has been running for the specified number of hours. The default is 24. sync.type Which data should be sent. Valid values are drivetab (default), config, and all. Configuration Basics Note: If you followed the procedure in "Using the GUI to Create a Configuration File, Keystore, and Certificates" on page 3-5, then a basic configuration is already created and you do not have to perform any of the steps below. This information shows how to perform these tasks without using the GUI, and may be useful if you wish to take advantage of additional configuration options. Note to Windows Users: Windows does not accept commands with directory paths that contain blanks. When entering commands it may be necessary to specify the short name generated for such directories, for example progra~1 instead of Program Files. To list directory short names, issue the dir /x command. This procedure contains the minimum steps necessary to configure the Encryption Key Manager. Appendix A includes examples of server configuration property files. See Appendix B for a complete list of all properties for both server and client configuration. 1. Use keytool to manage JCEKS keystores. When creating the keystore, take note of the path and filename as well as the names given to the certificates and keys. This information will be used in later steps. 2. Create a keystore if none exists. Add or import the certificates and keys that will be used with your tape drives to this new keystore. (See "Generating Chapter 4. Configuring the Encryption Key Manager 4-3