Dell PowerVault TL4000 Dell Encryption Key Manager and Library Managed Encr - Page 7

Dell Encryption Key Manager and Library Managed Encryption - tape library



NOTE: Read the following information before using your Dell PowerVault TL2000, TL4000, or ML6000 tape libraries.

Dell Encryption Key Manager and Library Managed Encryption

This document covers the Dell Encryption Key Manager and Library Managed Encryption used on the Dell PowerVault TL2000, TL4000, and ML6000 tape libraries.

Best Practices

It is not possible to overstate the importance of backing up the key store once it is populated with keys and every time keys are added to the key store. If the keys are lost, the data encrypted with the keys is lost forever.

The key store should be backed up to non-encrypted media. The keys are encrypted within the key store so there is no security concern with this process. The key store should not be backed up to media encrypted with the keys in the key store as the backup is no longer available if the key store is deleted or corrupted. The Dell Encryption Key Manager (EKM) GUI allows for the key store to be backed up every time a configuration change is made.

To prevent possible data loss due to an EKM server failure, it is recommended to use a primary and redundant (secondary) EKM server. This configuration provides redundancy in the event the primary EKM server is down or unavailable. For information on configuring a primary and redundant (secondary) EKM server for your library, follow the steps under "How do I create a redundant EKM based on a primary EKM server?" on page 11. If two independent EKMs are installed and configured through the defaults, the key stores cannot be merged later due to identical key aliases.

It is recommended that the primary and redundant EKM servers be synchronized every time changes are made to the primary EKM. In addition, since the two methods of synchronization in the Dell Encryption Key Manager User's Guide do not act on the keystore or key groups XML file, both of which are essential to reading encrypted data from the media, they should be copied to the redundant EKM server any time new media is allocated by EKM.

For more information, see "How do I synchronize the redundant EKM anytime configuration changes (like adding keys, adding key groups, adding drives, and so on) are made to the primary EKM?" on page 12.
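
The keystore and key groups XML file have to be copied to the redundant server by hand, so a drift check helps catch a stale or missing copy before the primary fails. The script below is an added example, not Dell tooling and not part of the original page. It assumes the redundant server's files are reachable as a local or mounted directory, and the operator supplies the file names (none are EKM defaults).

```shell
#!/bin/sh
# Added example: directories and file names are operator-supplied assumptions.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
file_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# ekm_drift PRIMARY_DIR REPLICA_DIR FILE...
# Prints one line per file that is MISSING or STALE on the replica.
# Returns 0 if all files match, 1 on drift, 2 if a primary file is absent.
ekm_drift() {
    primary=$1; replica=$2; shift 2
    rc=0
    for f in "$@"; do
        if [ ! -f "$primary/$f" ]; then
            echo "NO-PRIMARY $f"; return 2
        elif [ ! -f "$replica/$f" ]; then
            echo "MISSING $f"; rc=1
        elif [ "$(file_hash "$primary/$f")" != "$(file_hash "$replica/$f")" ]; then
            echo "STALE $f"; rc=1
        fi
    done
    return $rc
}

# ekm_replicate PRIMARY_DIR REPLICA_DIR FILE...
# Copies via a temp name, then re-checks hashes so a truncated copy is caught.
ekm_replicate() {
    primary=$1; replica=$2; shift 2
    for f in "$@"; do
        cp -p "$primary/$f" "$replica/$f.tmp" && mv "$replica/$f.tmp" "$replica/$f" || return 1
    done
    ekm_drift "$primary" "$replica" "$@"
}

# Constructed demo: `sh script.sh demo` builds two temp dirs that disagree.
if [ "${1:-}" = demo ]; then
    p=$(mktemp -d); r=$(mktemp -d)
    echo key-v2 > "$p/keystore.sample"; echo key-v1 > "$r/keystore.sample"
    ekm_drift "$p" "$r" keystore.sample
    rm -rf "$p" "$r"
fi
```

Running `ekm_drift` from a scheduled job after any change on the primary turns a forgotten copy into an alert rather than a surprise during failover.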