Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 54
Note to Windows Users, Audit.Handler.File.Directory - admin password
View all Dell PowerVault TL4000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 54 highlights
| Keys and Aliases for Encryption on LTO 4 and LTO 5" on page 3-9.) Take note of the names given to the certificates and keys. This information will be used in later steps. 3. Create key groups and populate with key aliases. See "Creating and Managing Key Groups" on page 3-14. 4. Using the text editor of your choice, open the KeyManagerConfig.properties to specify the following properties. Please note that the current design of the server is very strict. Do not use Windows to edit the file for a Linux machine because of ^M. If you use Windows, edit the file with gvim/vim. Note to Windows Users: The Java SDK uses forward slashes, even when running on Windows. When specifying paths in the KeyManagerConfig.properties file, be sure to use forward slashes. When specifying a fully-qualified path name in the command window, use back slashes in the normal manner for Windows. a. Audit.Handler.File.Directory - specify a location where audit logs are to be stored. b. Audit.metadata.file.name - specify a fully qualified path and filename for the metadata XML file. c. Config.drivetable.file.url - specify a location for information about drives that are known to the Encryption Key Manager. This file is not required before starting the server or CLI client. If it does not exist, it will be created during shutdown of the Encryption Key Manager server. d. TransportListener.ssl.keystore.name - specify the path and filename of the keystore created in step 1. e. TransportListener.ssl.truststore.name - specify the path and filename of the keystore created in step 1. f. Admin.ssl.keystore.name - specify the path and filename of the keystore created in step 1. g. Admin.ssl.truststore.name - specify the path and filename of the keystore created in step 1. h. config.keystore.file - specify the path and filename of the keystore created in step 1. i. drive.acceptUnknownDrives - specify true or false. A value of true allows new tape drives that contact the Encryption Key Manager to be automatically added to the drive table. The default is false. 5. The following optional password entries may be added or omitted. If these entries are not specified in KeyManagerConfig.properties, the Encryption Key Manager will prompt for the keystore password during the startup of the server. a. Admin.ssl.keystore.password - specify the password of the keystore created in step 1. b. config.keystore.password - specify the password of the keystore created in step 1. c. TransportListener.ssl.keystore.password - specify the password of the keystore created in step 1. When added to the KeyManagerConfig.properties file, the Encryption Key Manager obfuscates these passwords for additional security. 6. Optionally set the Server.authMechanism property to a value of LocalOS if CLI client authentication is to be done against the local operating system 4-4 Dell Encryption Key Mgr User's Guide