Configuring encryption for the msl6480 – HP StoreEver MSL Tape Libraries User Manual
Page 20
information about creating your encryption key management processes. HP recommends that you
track at least:
•
Token name
•
Whether this token is a backup of another token
•
Dates used for writing data
•
The tape cartridges written with keys stored on the token. When possible, record the barcode
label associated with the tape cartridge.
•
Token backup file filename and password.
The encryption kit includes two methods of tracking the tokens. Choose the approach that works
best for your security policy and organization. HP recommends that you use both approaches.
•
Attached tag — The encryption kit includes a card and holder, which can be used to attach
information to the token.
•
Serial number — Each key server token has a unique serial number. You can use the serial
number to identify the key server token and correlate the tape cartridges written with keys on
the token.
TIP:
The serial number is on the bottom of the token when the token is in the autoloader or
library, making it difficult to see. You can also find the token serial number and firmware
version on the RMI Status > Security screen.
IMPORTANT:
HP recommends that you maintain a record of the tape cartridges that are written
with encryption keys on the key server token. When restoring the data from an encrypted tape,
you will need to use a key server token containing the encryption key for that tape. The name of
the key server token is not stored on the tape and the name of the tape is not stored on the key
server token. If you do not know which token contains the key for a tape, you may need to try all
of your key server tokens when restoring data from an encrypted tape. Each key server token can
contain a maximum of 100 keys.
NOTE:
If you are using encryption kits with multiple autoloaders or libraries, you will need to
track the autoloader or library used with each token as this information is not recorded on the
token.
To use the attached tags to identify the tokens:
1.
Write the token identification information on the paper cards.
2.
Insert each card into a holder.
3.
Attach the holders to the tokens.
4.
Track the tape cartridges that are written with keys stored on the token and keep a copy of
this record in a secure location.
To use the serial numbers to identify the tokens:
•
Record the token identification information and tape cartridges that are written with keys stored
on the token, and keep a copy of the record in a secure location.
TIP:
The serial number is on the bottom of the token when the token is in the autoloader or library,
making it difficult to see. You can find the token serial number and firmware version from the RMI.
Configuring encryption for the MSL6480
In this section, you will configure the name and personal information number (PIN) for the key
server token, and configure encryption for the MSL6480 library.
20
Installing and configuring the encryption kit