Contents
Figures ...............v
Tables ...............vii
Preface ...............ix
About this Book .............ix
Who Should Read this Book ........ix
Conventions and Terminology Used in this Book ix
Attention Notice .............ix
Related Publications ............x
Linux Information ...........x
Microsoft Windows Information .......x
Online Support ............x
Read this First............xi
Contacting Dell .............xi
Chapter 1. Tape Encryption Overview 1-1
Components ..............1-1
Managing Encryption ...........1-2
Application-Managed Tape Encryption ....1-4
Library-Managed Tape Encryption .....1-5
About Encryption Keys ..........1-5
Chapter 2. Planning Your Encryption
Key Manager Environment ......2-1
Encryption Setup Tasks at a Glance ......2-1
Encryption Key Manager Setup Tasks ....2-1
Planning for Library-Managed Tape Encryption 2-1
Hardware and Software Requirements .....2-2
Linux Solution Components .......2-2
Windows Solution Components ......2-3
Keystore Considerations ..........2-3
The JCEKS Keystore ..........2-3
Encryption Keys and the LTO 4 and LTO 5 Tape
Drives ...............2-4
Backing up Keystore Data ........2-5
Multiple Key Managers for Redundancy . . . 2-7
Encryption Key Manager Server Configurations 2-7
Disaster Recovery Site Considerations .....2-9
Considerations for Sharing Encrypted Tapes Offsite 2-9
Federal Information Processing Standard 140-2
Considerations.............2-10
Chapter 3. Installing the Encryption
Key Manager and Keystores .....3-1
Downloading the Latest Version Key Manager ISO
Image................3-1
Installing the Encryption Key Manager on Linux 3-1
Installing the Encryption Key Manager on
Windows ...............3-2
Using the GUI to Create a Configuration File,
Keystore, and Certificates .........3-5
Generating Keys and Aliases for Encryption on
LTO4andLTO5............3-9
Creating and Managing Key Groups .....3-14
Chapter 4. Configuring the Encryption
Key Manager ............4-1
Using the GUI to Configure the Encryption Key
Manager ...............4-1
Configuration Strategies ..........4-1
Automatically Update Tape Drive Table....4-1
Synchronizing Data Between Two Key Manager
Servers ..............4-2
Configuration Basics ...........4-3
Chapter 5. Administering the
Encryption Key Manager.......5-1
Starting, Refreshing, and Stopping the Key
Manager Server.............5-1
The Command Line Interface Client ......5-5
CLI Commands.............5-7
Chapter 6. Problem Determination . . 6-1
Check These Important Files for Encryption Key
Manager Server Problems .........6-1
Debugging Communication Problems Between the
CLI Client and the EKM Server .......6-2
Debugging Key Manager Server Problems ....6-2
Encryption Key Manager-Reported Errors ....6-5
Messages ...............6-9
Config File not Specified.........6-9
Failed to Add Drive ..........6-10
Failed to Archive the Log File ......6-10
Failed to Delete the Configuration .....6-10
Failed to Delete the Drive Entry ......6-11
Failed to Import ...........6-11
Failed to Modify the Configuration .....6-11
File Name Cannot be Null ........6-11
File Size Limit Cannot be a Negative Number 6-12
No Data to be Synchronized .......6-12
Invalid Input ............6-12
Invalid SSL Port Number in Configuration File 6-13
Invalid TCP Port Number in Configuration File 6-13
Must Specify SSL Port Number in
Configuration File ..........6-13
Must Specify TCP Port Number in
Configuration File ..........6-14
Server Failed to Start .........6-14
Sync Failed .............6-14
The Specified Audit Log File is Read Only . . 6-15
Unable to Load the Admin Keystore ....6-15
Unable to load the keystore .......6-16
Unable to Load the Transport Keystore . . . 6-16
Unsupported Action ..........6-16
iii
|
|
|
|
To Next Page
Loading...
Need help?
General