HP StoreEver MSL Tape Libraries User Manual
Page 27
1.
Click the Encryption enabled box to enable encryption for the autoloader or library, or for
one or more logical libraries that contain an LTO-4 or later generation tape drive. Logical
libraries that do not contain an LTO-4 or later generation tape drive will not appear on the
configuration screen.
Figure 16 Security Configuration pane of the Configuration > Security screen
2.
Enter the name of the token in the Token Name field. The name can have up to 126 characters.
TIP:
Using a descriptive name, including the dates when the keys on the token were used,
could be helpful if your log of tapes written with keys on the token is lost. This descriptive
name will appear on the RMI whenever the token is installed. You do not need to enter the
name for authentication.
3.
Click Submit in the Security Configuration pane to apply your selections.
4.
Generate the first key. By default, you must manually request the key server token to generate
a new key. Click Apply in the Generate a new write key pane to generate the first key.
Figure 17 Generate a new write key pane of the Configuration > Security screen
5.
Optional: Enable and configure automatic key generation. When automatic key generation
is enabled, the autoloader or library will automatically request the key server token to generate
a new key periodically, according the policy you configure. Set the policy for the new key
generation frequency, and the day and time this will occur. Be aware that when new keys
are created automatically they are not backed up until you do so manually. To avoid only
having one copy of the new key, set the automatic key generation policy for a time when you
can back up the new key before tapes are written using the new key.
Click Submit in the Security Configuration pane to apply your selections.
NOTE:
A key is not generated when the autoloader or library time is advanced past a time
when a new key would have been generated. If you advance the autoloader or library time,
check the automatic key generation policy to see whether a new key is needed, and if so,
manually generate it.
One new key is generated if the autoloader or library is off at a time when a new key would
have been automatically generated. To prevent a new key from being generated in this case,
disable automatic key generation before powering off the autoloader or library.
NOTE:
Automatic key generation will not occur if media is loaded in any drive. When using
automatic key generation, ensure that media is unloaded from the drives when keys are
generated.
Configuring encryption for the autoloader and other libraries
27