EasyManua.ls Logo

Dell PowerVault ML6000 - Dell Encryption Key Manager and Library Managed Encryption; Best Practices

Dell PowerVault ML6000
26 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Dell Encryption Key Manager and Library Managed Encryption 7
NOTE: Read the following information before using your Dell PowerVault TL2000,
TL4000, or ML6000 tape libraries.
Dell Encryption Key Manager and
Library Managed Encryption
This document covers the Dell Encryption Key Manager and Library
Managed Encryption used on the Dell PowerVault TL2000, TL4000,
and ML6000 tape libraries.
Best Practices
It is not possible to overstate the importance of backing up the key store once it is
populated with keys and every time keys are added to the key store. If the keys are
lost, the data encrypted with the keys is lost forever.
The key store should be backed up to non-encrypted media. The keys are
encrypted within the key store so there is no security concern with this process.
The key store should not be backed up to media encrypted with the keys in the
key store as the backup is no longer available if the key store is deleted or
corrupted. The Dell Encryption Key Manager (EKM) GUI allows for the key
store to be backed up every time a configuration change is made.
To prevent possible data loss due to an EKM server failure, it is recommended
to use a primary and redundant (secondary) EKM server. This configuration
provides redundancy in the event the primary EKM server is down or
unavailable. For information on configuring a primary and redundant
(secondary) EKM server for your library, follow the steps under "How do I create
a redundant EKM based on a primary EKM server?" on page 11. If two
independent EKMs are installed and configured through the defaults, the key
stores cannot be merged later due to identical key aliases.
It is recommended that the primary and redundant EKM servers be
synchronized every time changes are made to the primary EKM. In addition,
since the two methods of synchronization in the
Dell Encryption Key Manager
User's Guide
do not act on the keystore or key groups XML file, both of which
are essential to reading encrypted data from the media, they should be copied
to the redundant EKM server any time new media is allocated by EKM.
For more information, see "How do I synchronize the redundant EKM anytime
configuration changes (like adding keys, adding key groups, adding drives, and so
on) are made to the primary EKM?" on page 12.

Table of Contents

Other manuals for Dell PowerVault ML6000

Preview: User Guide
User Guide122 pages
Preview: Maintenance Guide
Maintenance Guide494 pages
Preview: Quick Start Guide
Quick Start Guide7 pages
Preview: Reference Guide
Reference Guide156 pages
Preview: Getting Started Guide
Getting Started Guide56 pages
Preview: Setup Guide
Setup Guide66 pages
Preview: Getting Started
Getting Started12 pages
Preview: Important Information
Important Information26 pages
Preview: Supplementary Guide
Supplementary Guide1 page

Related product manuals