Failover test – HP StoreEver ESL G3 Tape Libraries User Manual

5.

Using your backup software, load the same tape into any drive in partition configured for
KMIP encryption. Read the header of the tape. This may be a media-identification command
or something similar.
a.

The backup software should report a failure, since the key cannot be exported, but the
header was encrypted.

b.

One of the KMIP server logs should show a request for the key which was denied.

6.

Using the backup software, unload the media to a slot.

7.

From the KMIP server, re-enable the ability to export the key (reverse the action from step 4).

8.

Repeat step 5 (read the tape).

9.

Unload the media to a slot.
This concludes the basic encryption test.

Failover test

1.

From the Basic encryption test, step 8, identify which KMIP server provided the key. This is
the server which logged the key export.

2.

From the KMIP server, temporarily disable that server's ability to communicate with clients.
The server documentation should describe how to do that.

3.

Repeat step 5 of the Basic Encryption test.
The backup software should succeed, but the key is provided by a different server. You can
identify which server exported the key by inspecting each server's logs.

4.

Unload the media to a slot.

5.

If there are more than two KMIP servers, continue disabling server-client communications and
repeating this test, until every server has successfully served the key.

6.

Re-enable the ability of each server to communicate with clients. This concludes the failover
test.

230 Using the Key Management Interoperability Protocol (KMIP) feature