HP Enterprise Secure Key Manager manual Configuring the Kmip feature for the MSL6480

Page 13

Configuring the KMIP feature for the MSL6480

With the Key Management Interoperability Protocol (KMIP) Wizard you can configure use of KMIP key management servers with the MSL6480 library. Access to the wizard from the Encryption menu on the RMI is only available to the security user and requires that the KMIP license has been added from the Configuration > System > License Key Handling screen.

NOTE: The MSL6480 library only allows one encryption key manager type to be used at a time. For example, if KMIP is enabled and in use, the MSL Encryption Kit cannot also be used for encryption key generation and retrieval.

Before running the wizard, verify that:

The library configuration is complete, including defining all library partitions.

The KMIP server is available on the network and has been configured for use with this library.

All tape drives in the library are empty.

The KMIP server management user interface is open and ready for use. The server user interface and library RMI are used together to configure the library for KMIP.

The KMIP license has been installed in the library. For licensing information and instructions on installing the license, see “Licensing” (page 5).

To configure the KMIP feature:

1.Install and configure the key servers. See the vendor’s product documentation for details. Collect the IP address of each server.

2.Create a local CA and server certificate on the key server. See the vendor’s product documentation for details.

Collect the filename of the CA certificate (a file with a crt extension).

3.Set up a new client user account for the library. See “Creating the client user name and password on the server” (page 12).

Collect the account user name and password.

4.Use the KMIP Wizard to enroll the library with the KMIP server. See “Using the KMIP Wizard” (page 14).

5.If using the ESKM 4.0 server with the KMIP protocol, in the ESKM 4.0 user interface, navigate to the Properties tab for the user associated with the library and then check Enable KMIP.

Configuring the KMIP feature for the MSL6480 13

Page 12 Page 14
Image 13
Page 12 Page 14
Contents Abstract Warranty Contents Introduction Using an encryption key serverHP Enterprise Secure Key Manager Eskm Media compatibility for drives supporting encryption Considerations for using an encryption key serverLicensing KMIP-based key serversMSL6480 Installing the encryption licenseHP Enterprise Secure Key Manager Eskm integration Using the Eskm WizardHP Enterprise Secure Key Manager Eskm integration Page HP Enterprise Secure Key Manager Eskm integration Page KMIP-based key server integration Creating the client user name and password on the serverConfiguring the Kmip feature for the MSL6480 Using the Kmip Wizard Configuring the Kmip feature for the MSL6480 KMIP-based key server integration Enrolling the autoloader or library with a Kmip server Set or enter the Kmip security passwordGenerating the client certificate request Entering the Kmip client credentialsSigning the client certificate on the server Installing the signed client certificate---END Certificate Enabling KMIP-based encryption Configuring access to the key serversKMIP-based key server integration MSL6480 Connectivity testAutoloader and other MSL libraries Failover test Basic encryption testPage Contacting HP Support and other resourcesTypographic conventions Documentation feedback
Top Page Image Contents