Chapter 8: Encryption Key Management
Setting up EKM on the Scalar i6000
294 Quantum Scalar i6000 User’s Guide
Step 2 — Preparing
Partitions for Library-
managed Encryption
1 If not already installed, install tape drives that are supported by the
encryption system you are using (see
Supported Tape Drives on
page 288).
2 Ensure that the partition you are configuring for library-managed
encryption contains only tape drives that are supported by the
encryption system you are using.
3 On the tape drives, install the latest version of firmware that is
qualified for the library firmware installed on your library. Refer to
the library release notes for the correct version of tape drive
firmware.
Step 3 — Installing TLS
Communication
Certificates on the
Library
Transport Layer Security (TLS) communication certificates are unique
certificates that must be installed on the library in order for the library
to communicate securely with attached EKM servers.
Take one the following actions, according to what encryption System
you are using.
Encryption System Action
Quantum Encryption
Key Manager (Q-
EKM) or Tivoli Key
Lifecycle Manager
(TKLM) or Secure Key
Lifecycle Manager
(SKLM)
Only one TLS certificate (the Root certificate)
is required. Libraries with code versions
600A.GS23201 and higher generate a self-
signed certificate when first booting up, and
regenerate the certificate if it expires. You do
not need to take any action unless you want
to install your own Root certificate to
supersede the existing certificate. If want to
install your own certificate, then follow the
instructions in
Installing User-Provided
Certificates on page 299.
To Next Page
Loading...
Need help?
General