Dell PowerVault ML6000 User Manual
Page 155
Chapter 8 Library Managed Encryption
Configuring the Dell Encryption Key Manager (EKM) on the Library
Dell PowerVault ML6000 User’s Guide
155
• Select the
SSL
checkbox if you want to enable Secure Sockets
Layer (SSL) for communication between that partition and the
EKM servers. The default is Disabled. If you enable SSL, you
must make sure that the primary and secondary EKM Port
numbers in the overrides section match the SSL port numbers set
on the EKM servers. The default SSL port number is 443.
If you use overrides, make sure that you install the EKM software on
all the servers you specify. Then run EKM Path Diagnostics on each
tape drive in every partition configured for EKM to make sure that
each tape drive can communicate with and receive keys from the
specified EKM server. For more information, see
Note:
Keys are always encrypted before being sent from the
EKM server to a tape drive, whether SSL is enabled or
not. Enabling SSL provides additional security.
Note:
Restriction on EKM servers used for overrides:
If you are
using primary and secondary servers for overrides, the
following restriction applies. (If you are not using a
secondary server, there are no restrictions.)
Restriction: A given primary server and secondary server
must be “paired” and cannot be used in different
combinations. For example:
• You can have Server1 as primary and Server2 as
secondary for any or all partitions.
• If Server1 is primary and Server2 is secondary on one
partition, then in any other partition that you use
Server1, Server1 can only be primary and it must be
“paired” with Server2 as secondary. You cannot have
Server1 as primary and Server3 as secondary on another
partition.
• You cannot have Server1 be both primary on PartitionA
and secondary on PartitionB.
• You cannot have Server2 be both secondary on
PartitionA and primary on PartitionB.