Encryption Key Management
file:///T|/htdocs/stor-sys/ML6000/en/html/ch04_ekm.htm[9/17/2012 1:49:43 PM]
blank or have been written to using library managed encryption at the first write operation at the beginning of tape (BOT).
Configure the partition(s) as follows:
1 From the Web client, select Setup > Encryption > Partition Configuration.
A list of all your partitions displays, along with a drop-down list displaying the encryption method for each partition.
2 If you want to change the encryption method for a partition, make sure that no tape drives in that partition have
cartridges loaded in them. If tape drives have cartridges loaded, you cannot change the encryption method.
3 Select an encryption method from the drop-down list for each partition. (For tape drives that support encryption, the
default is Application Managed.) The Encryption Method applies to all encryption-capable tape drives and media in
that partition.
Encryption
Method Description
Library
Managed
For use with EKM. Enables encryption support via a connected Dell EKM key
server for all encryption-capable tape drives and media assigned to the
partition.
Application
Managed
Not for use with EKM. Allows an external backup application to provide
encryption support to all encryption-capable tape drives and media within the
partition. The library will NOT communicate with the Dell EKM key server on
this partition.
This is the default setting if you have encryption-capable tape drives in the
partition. This option should remain selected unless you want Dell EKM to
manage encryption.
Note: If you want an application to manage encryption, you must specifically
configure the application to do so. The library will not participate in performing
this type of encryption.
None Disables encryption on the partition.
Unsupported Means that no tape drives in the partition support encryption.
If Unsupported is shown, it will be greyed out and you will not be able to
change the setting.
4 If you want different partitions to use different EKM key servers, fill in the Library Managed Encryption Server
Overrides section as described in this step. The settings in the overrides section supersede the default settings listed in
the Setup > Encryption > System Configuration screen. (However, the overrides settings do not change the
settings listed in the Setup > Encryption > System Configuration screen. Those settings are the default
configuration settings for any partition that does not use overrides.) Overrides are only available on partitions that
have Library Managed set as the encryption method.
Caution: Only fill in the overrides section if you want different partitions to use different EKM key servers.
Otherwise, leave this section alone and allow the values from the Setup > Encryption > System
Configuration screen to populate these fields. Once you make any changes to the overrides section, the default
values from the Setup > Encryption > System Configuration screen will no longer automatically populate
these fields. If you want to return to the default settings after changing the overrides, you must enter them
manually.
For each partition that has Library Managed as the encryption method, do the following:
• Type the IP address (if DNS is not enabled) or the host name (if DNS is enabled) of the primary EKM key server in
the Primary Host text box.
• Type the port number for the primary EKM key server into the Port text box. The default port number is 3801,
unless SSL is enabled. If SSL is enabled, the default port number is 443.
• If you are using a secondary EKM server, type the address/host name and port number of the secondary EKM key
server in the Secondary Host and Port text boxes.
• Select the SSL checkbox if you want to enable Secure Sockets Layer (SSL) for communication between that
partition and the EKM servers. The default is Disabled. If you enable SSL, you must make sure that the primary
To Next Page
Loading...
