Setting up encryption on the library, Step 1: installing a license key – Dell PowerVault ML6000 User Manual
Page 4
ww
w
.d
el
l.c
om |
s
u
ppo
rt.
de
ll.
co
m
4
Setting Up Encryption On the Library
Step 1: Installing a License Key
NOTE:
Ensure that both your library and tape drive firmware are updated to the latest released versions. The latest
firmware and installation instructions are availabl
.
1
Obtain a license key for encryption, following the instructions on the License Key Certificate you received.
2
Do one of the following:
•
From the operator panel, select Setup > Licenses.
•
From the Web client, select Setup > License.
3
Enter the new license key.
4
Click Apply.
A progress window displays, showing time elapsed. When complete, a green Success message appears, and
the status changes to “Operation Succeeded.” Encryption is now listed as a feature on the screen. (If a
Failure message appears, you may have entered an incorrect license key.)
5
Click Close.
Step 2: Configuring Encryption Settings and Key Server Addresses
1
Unload tape cartridges from all encryption-capable tape drives in the library.
2
From the Web client, select Setup > Encryption > System Configuration.
3
Automatic EKM Path Diagnostics: Enable or disable this feature and set the test interval as desired. You
may also specify the number of consecutive missed test intervals required to generate a RAS ticket. For
more information, see Automatic EKM Path Diagnostics on page 9.
4
Secure Sockets Layer (SSL): To enable SSL for communication between the library and the EKM key
servers, select the SSL Connection checkbox. The default is Disabled. If you enable SSL, you must make
sure that the Primary and Secondary Key Server Port Numbers (see below) match the SSL port numbers
set on the EKM key servers. The default SSL port number is 443.
NOTE:
Keys are always encrypted before being sent from the EKM key server to a tape drive, whether SSL is enabled or
not. Enabling SSL provides additional security.
5
In the Primary Key Server IP Address or Host text box, enter either:
•
The IP address of the primary key server (if DNS is not enabled), or
•
The host name of the primary key server (if DNS is enabled)
6
Enter the port number for the primary key server into the Primary Key Server Port Number
text box. The
default port number is 3801 unless SSL is enabled. If SSL is enabled, the default port number is 443.
NOTE:
If you change the port number setting on the library, you must also change the port number on the key server to
match or EKM will not work properly.
7
If you are using a secondary key server for failover purposes, enter the IP address or host name of the
secondary key server into the Secondary Key Server IP Address or Host text box.
NOTE:
If you do not plan to use a secondary key server, you may type a zero IP address, 0.0.0.0, into the
Secondary Key Server IP Address or Host text box, or you may leave the text box blank.
8
If you configured a secondary key server (previous step), enter the port number for the secondary key server
into the Secondary Key Server Port Number text box. The default port number is 3801 unless SSL is
enabled. If SSL is enabled, the default port number is 443.
NOTE:
If you are using a secondary key server, then the port numbers for both the primary and secondary key servers
must be set to the same value. If they are not, synchronization and failover will not occur.
9
Click Apply.