Chapter 7: Encryption Key Management
Scalar Key Manager Functions Available on the Library
192 Quantum Scalar i40 and Scalar i80 User’s Guide
Generating Data Encryption Keys at Initial Setup
At initial setup, the library triggers each SKM server to generate a set of
data encryption keys. The process is described in Step 7: Configure SKM
Partitions and Generate Data Encryption Keys on page 179.
Generating Data Encryption Keys When 80% Depleted
When an SKM server has used 80 percent of the data encryption keys
assigned to a particular library, that library generates a diagnostic ticket
to let you know. Once you receive the diagnostic ticket, you should
schedule a time to manually generate more data encryption keys as
described in Manually Generating Data Encryption Keys on page 192
and back up both SKM server keystores.
Generating Data Encryption Keys When 100% Depleted
If an SKM server completely runs out of data encryption keys for a
particular library, that library generates a diagnostic ticket, which states
that you have run out of data encryption keys and that the library
attempted to fail over to the other SKM server. If this happens, it is
imperative that you manually generate a new set of data encryption
keys on the depleted server immediately and then back up both SKM
server keystores. See Manually Generating Data Encryption Keys on
page 192.
Manually Generating Data Encryption Keys
To manually generate data encryption keys, you need to temporarily
disable library managed encryption on a partition, and then enable it
again. Enabling library managed encryption on a partition triggers the
library to check both SKM servers to see if new data encryption keys are
needed. If so, it creates the keys.