Encryption Key Management
file:///T|/htdocs/stor-sys/ML6000/en/html/ch04_ekm.htm[9/17/2012 1:49:43 PM]
• Drive Test Failure — Look for any tape drive RAS tickets and follow the resolution instructions in the ticket.
• Path Test Failure — Verify that the key server is actually running and that the port/SSL settings match the
library configuration settings.
• Config Test Failure — Verify that the key server is set up to accept the tape drive you are testing.
Differences Between Manual and Automatic EKM Path Diagnostics
There are two ways to perform EKM Path Diagnostics:
•
Using Manual EKM Path Diagnostics
•
Using Automatic EKM Path Diagnostics
The Manual diagnostics differs from the Automatic diagnostics in the following ways:
• The Manual diagnostics takes affected partitions offline.
• The Automatic diagnostics does not take partitions offline, but it may delay moves to tape drives while they are being
tested.
• The Manual diagnostics requires that you select one tape drive to use for the test. Since the test only validates the
selected drive, if you want to test the path for each tape drive, you must run the test multiple times (once for each
drive). To test all servers, you must run the diagnostics once for each Library Managed Encryption enabled partition
(each server pair is connected to a unique partition and tape drive). In addition, if the tape drive is not available (it
must be unloaded, ready, and online), the Drive, Path, and Config tests are not performed.
• The Automatic diagnostics tests every connected EKM server in turn, and the library selects the tape drive to use for
each test. If the selected tape drive is not available (it must be unloaded, ready, and online), then the library tries
another tape drive that is connected to the key server until it finds one that is available. If no tape drives connected to
a particular key server are available, then that server is skipped and the tests are not performed. If a server is
skipped for "X" number of consecutive test intervals (where "X" is configurable on the Web client), the library
generates a RAS ticket. If a tape drive remains loaded for a long time, it is possible that it will never be tested. If you
want to test a specific tape drive, then you should use the Manual EKM Path Diagnostics. In particular, if you replace a
tape drive, run the Manual EKM Path Diagnostics.
Using Manual EKM Path Diagnostics
1 Access the EKM Path Diagnostics screen in one of two ways:
• Enter library Diagnostics (from the Web client select Tools > Diagnostics) and then select EKM > EKM Path
Diagnostics. Note that entering Diagnostics will log off all other users of the same or lower privileges and take
your partitions offline. When you exit Diagnostics, the partitions automatically come back online. See
Library
Diagnostics for more information.
• Select Setup > Encryption > System Configuration or Setup > Encryption > Partition Configuration and
click the link that says "Click here to run EKM Path Diagnostics." Note that performing this action takes the
partition in which the selected tape drive resides offline. When the test completes, the partition automatically
comes back online.
A list of all the tape drives enabled for library-managed encryption is displayed, along with the tape drive status and
the partition in which each tape drive resides.
2 Select the tape drive on which you want to perform diagnostics and click Apply. Tape drives must be unloaded, ready,
and online in order for the test to run.
A dialog box appears telling you that the selected partition will be taken offline.
3 Click OK to start the diagnostics.
4 The library performs the diagnostics and displays pass/fail results on each of the tests in the Progress Window.
Note: The diagnostics tests may take several minutes to complete.
5 Do one of the following:
• If Completed appears in the Progress Window, the diagnostics were performed (this does not mean that the
diagnostics passed, just that the diagnostics were performed). Click Close to close the Progress Window.
• If Failure appears in the Progress Window, the diagnostics were not able to be performed. Follow the instructions
listed in the Progress Window to resolve any issues that occurred during the operation.
To Next Page
Loading...
