Dell PowerVault ML6000

Disaster Recovery Site Considerations
If you plan to use a disaster recovery (DR) site, the Encryption Key Manager
provides a number of options to enable that site to read and write encrypted tapes.
These are:
• Create a duplicate Encryption Key Manager at the DR site.
  Set up a duplicate Encryption Key Manager at the DR site with the same
  information as your local Encryption Key Manager (configuration file, tape drive
  table, key groups XML file, and keystore). This key manager would then be in
  place and capable of taking over for one of your existing production key
  managers to read and write encrypted tapes.
• Create a backup copy of the three Encryption Key Manager data files to be able
  to recover as needed.
  If you create a current copy of the four data elements needed by the Encryption
  Key Manager (configuration file, tape drive table, key groups XML file, and
  keystore), then you would be able to start a key manager at any time to act as a
  duplicate at the DR site. (Remember that you should not use the Encryption Key
  Manager to encrypt the copies of these files, as you would not be able to decrypt
  them without a functioning key manager.) If your DR site uses different tape drives
  from your primary site, the configuration file and tape drive table must contain
  the correct information for the DR site.
Considerations for Sharing Encrypted Tapes Offsite
Note: It is important to verify the validity of any certificate received from a
business partner by checking the chain of trust of such a certificate back to
the Certificate Authority (CA) that ultimately signed it. If you trust the CA,
then you can trust that certificate. Alternatively, the validity of a certificate can
be verified if it was securely guarded in transit. Failure to verify a
certificate’s validity in one of these ways may open the door to a
“Man-in-the-Middle” attack.
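The two checks named in the note above, as an added shell example that is not part of the manual. It assumes the OpenSSL command line is installed (the manual itself names only keytool), and every certificate, subject name and file name in it is constructed for the demonstration.

```sh
#!/bin/sh
# Added example: check a partner certificate before using its public key.
# Every subject name and file below is constructed for this demonstration.

# Build a throwaway CA, a partner certificate signed by it, and a self-signed
# look-alike with the same subject (what a man in the middle could hand you).
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=partner.example" \
        -keyout "$d/partner.key" -out "$d/partner.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/partner.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/partner.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=partner.example" \
        -keyout "$d/lookalike.key" -out "$d/lookalike.crt" 2>/dev/null
}

# Check 1 (chain of trust): true only if certificate $2 chains to the CA in $1.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check 2 (guarded transit): SHA-256 fingerprint, to be compared with the value
# the partner reads out over a separate, trusted channel.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Accept certificate $2 if it chains to CA $1, or if its fingerprint equals the
# out-of-band value $3 (optional). Anything else is rejected.
accept_partner_cert() {
    expected=${3:-}
    if chain_ok "$1" "$2"; then echo "accept: chains to trusted CA"; return 0; fi
    if [ -n "$expected" ] && [ "$(fingerprint "$2")" = "$expected" ]; then
        echo "accept: fingerprint confirmed out of band"; return 0
    fi
    echo "reject: certificate not verified"; return 1
}

# Demonstration in a temporary directory.
tmp=$(mktemp -d) && make_demo_certs "$tmp" && {
    accept_partner_cert "$tmp/ca.crt" "$tmp/partner.crt"
    accept_partner_cert "$tmp/ca.crt" "$tmp/lookalike.crt" || true
    accept_partner_cert "$tmp/ca.crt" "$tmp/lookalike.crt" \
        "$(fingerprint "$tmp/partner.crt")" || true
}
rm -rf "$tmp"
```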
Sharing LTO 4 and LTO 5 Tape
In order to share encrypted data on an LTO 4 or LTO 5 tape, a copy of the
symmetric key used to encrypt the data on the tape must be made available to the
other organization to enable them to read the tape. In order for the symmetric key
to be shared, the other organization must share their public key with you. This
public key will be used to wrap the symmetric key when it is exported from the
Encryption Key Manager keystore using keytool (see “Exporting Data Keys Using
Figure 2-6. Two Servers with Different Configurations Accessing the Same Devices
[Diagram labels: Primary Encryption Key Manager, Secondary Encryption Key Manager; Key Store, Drive Table, Config File, Key Groups (shown twice); Tape Library A, Tape Library B, Tape Library C]
Chapter 2. Planning Your Encryption Key Manager Environment 2-9