Dell PowerVault ML6000 User Manual
Page 150
Chapter 8 Library Managed Encryption
Configuring the Dell Encryption Key Manager (EKM) on the Library
Dell PowerVault ML6000 User’s Guide
150
Step 3: Configuring Encryption Settings and Key Server Addresses
8
Configure encryption settings and key server information as follows:
1
From the Web client, select Setup > Encryption > System
Configuration.
2
Automatic EKM Path Diagnostics
—
Enable or disable as desired;
however, it is recommended you leave the default. For more
information, see
Using Automatic EKM Path Diagnostics
page 158). When enabled, this feature performs a check, at specified
intervals, to make sure both key servers are connected to the library
and functioning properly. The library generates a RAS ticket if there
are problems.
3
Interval
—
If Automatic EKM Path Diagnostics is enabled, select the
interval at which the library performs the diagnostics.
4
Test Warning Threshold —If Automatic EKM Path Diagnostics is
enabled, specify the number of consecutive missed test intervals
required to generate a RAS ticket.
5
Secure Sockets Layer (SSL):
To enable SSL for communication
between the library and the EKM key servers, select the
SSL
Connection
checkbox. This feature is disabled by default. If you
enable SSL, you must make sure that the
Primary
and
Secondary Key
Server Port Numbers
(see below) match the SSL port numbers set on
the EKM key servers. The default SSL port number is 443.
6
In the
Primary Key Server Port Number
text box, enter the port number
for the primary key server. The default port number is 3801 unless
SSL is enabled. If SSL is enabled, the default port number is 443.
Note:
Keys are always encrypted before being sent from the
EKM key server to a tape drive, whether SSL is enabled or
not. Enabling SSL provides additional security.
Note:
If you change the port number setting on the library, you
must also change the port number on the key server to
match or EKM will not work properly.