TIP:
The serial number is on the bottom of the token when the token
is in the Autoloader or Library, making it difficult to see. You
can find the token serial number and firmware version from the
RMI Status: Security screen.
4 Configuring encryption
In this section, you will configure the name and personal identification
number (PIN) for the key server token and configure encryption on the
Autoloader or Library.
Insert the key server token
Insert the key server token in the USB port on the back panel of the
Autoloader or Library.
Enter the PIN
When the key server token is inserted, the Autoloader or Library will
recognize it as a new token and display a dialog on the RMI requesting
that you enter a PIN. The new PIN must be at least eight characters long
and contain at least one capital letter, at least one lower case letter, and
at least two digits. Follow the directions in the dialog to enter your PIN.
Store a copy of the PIN in a secure location.
CAUTION:
The key server token protects the encryption keys with a personal
identification number (PIN). If you lose the PIN, you will not be
able to restore data from your encrypted tapes. Neither you
nor HP can recover a lost PIN. Keep a copy of the PIN in a safe
place.
Configure the encryption mode and features
From the Configuration: Security page you can enter the name of the
token, enable or disable encryption for the Autoloader or Library, and
enable the Autoloader or Library to automatically generate new keys. If
your Library has multiple partitions, you can enable or disable encryption
for each partition that contains an LTO-4 or later generation tape drive.
Only one encryption key is used at a time to write tape cartridges and
the same encryption key is used by all tape drives in the Library.
Enter the name of the token in the Token Name field.
By default, you must generate new keys manually. Optionally, you can
enable Automatic key generation to have the Autoloader or Library
automatically generate a new key periodically. Set the generation time
and period in accordance with your security policy. Once a token
contains 100 keys, you will need to obtain another token. Keys can never
be deleted from the token.
Enable encryption for the Autoloader or Library, or for one or more
logical libraries that contain an LTO-4 or later generation tape drive.
Click Submit.
NOTE:
The Library uses the same write encryption key (the Current key)
for all logical libraries with encryption enabled. If the Autoloader
or Library is writing an encrypted tape when you change the
security configuration, the new configuration will take effect for
the next tape loaded into an LTO-4 or later generation tape
drive.
Seeding the new key server token
When transitioning from a full token to a new token, you can copy the
highest numbered keys from the full token to the new token to enable
read operations from tapes written with keys on the full token.
Verify that no backup operations are in progress.
Log in to the RMI Configuration: Security page.
Insert the full token into the USB port on the back of the Autoloader or
Library, and enter the PIN.
If the Number of Keys to Backup option is not visible, you must back up
all keys on the token to a file before creating a file with just some of the
keys. See the instructions in step 5 to back up the full token.