Multiple Key Managers for Redundancy
The Encryption Key Manager is designed to work with tape drives and libraries to
allow redundancy, and thus high availability, so you can have multiple key
managers servicing the same tape drives and libraries. Moreover, these key
managers need not be on the same systems as the tape drives and libraries. The
maximum number of key managers depends on your library or proxy. The only
requirement is that they be available to the tape drives through TCP/IP
connectivity.
This allows you to have two Encryption Key Managers that are mirror images of
each other with built-in backup of the critical information about your keystores, as
well as a failover in the event one key manager becomes unavailable. When you
configure your device (or proxy) you can point it to two key managers. If one key
manager becomes unavailable for any reason, your device (or library) will simply
use the alternate key manager.
You also have the capability to keep the two Encryption Key Managers
synchronized. It is critical that you take advantage of this important function when
needed, both for its inherent backup of critical data and also for its failover
capability to avoid any outages in your tape operations. Refer to “Synchronizing
Data Between Two Key Manager Servers” on page 4-2.
Note: Synchronization does not include keystores. They must be copied manually.
Encryption Key Manager Server Configurations
The Encryption Key Manager may be installed on a single-server or on multiple
servers. The following examples show one- and two-key manager configurations
but your library may allow more.
Single-Server Configuration
A single-server configuration, shown in Figure 2-4, is the simplest Encryption Key
Manager configuration. However, because of the lack of redundancy it is not
recommended. In this configuration, all tape drives rely on a single key manager
server with no backup. Should the server go down, the keystore, configuration file,
KeyGroups.xml file, and drive table would be unavailable, making any encrypted
tape unreadable. In a single-server configuration you must ensure that backup
copies of the keystore, configuration file, KeyGroups.xml file, and drive table are
maintained in a safe place, separate from the Encryption Key Manager, so its
function can be rebuilt on a replacement server if the server copies are lost.
Key Store
Drive Table
Config File
Key Groups
a14m0256
Encryption
Key
Manager
Tape Library
A
Tape Library
B
Tape Library
C
Figure 2-4. Single Server Configuration
Chapter 2. Planning Your Encryption Key Manager Environment 2-7
|
|
|
|
To Next Page
Loading...
Need help?
General