HP Enterprise Secure Key Manager Considerations for using an encryption key server, Licensing

Page 5

KMIP-based key servers

The 1/8 G2 Tape Autoloader and the MSL2024, MSL4048, MSL6480, MSL8048, and MSL8096 Tape Libraries support integration with non-HP key servers through the KMIP protocol. This requires a KMIP Encryption license for the library. For configuration information, see “KMIP-based key server integration” (page 12).

Considerations for using an encryption key server

The libraries only support the configuration of one encryption key method at a time. For example, if the library is configured to obtain encryption keys from an encryption key server, it will not also be able to obtain encryption keys from the HP MSL Encryption Kit nor from a backup application.

Media compatibility for drives supporting encryption

Table 1 Media compatibility

 

LTO-4 drive

LTO-5 drive

LTO-6 drive

LTO-1 media

Incompatible

Incompatible

Incompatible

LTO-2 media

Read only

Incompatible

Incompatible

LTO-3 media

Read/Write (no encryption)

Read only

Incompatible

LTO-4 media — unencrypted

Read/Write

Read/Write

Read only

LTO-4 media — encrypted

Read/Write with

Read/Write with

Read only with encryption

 

encryption key

encryption key

key

LTO-5 media — unencrypted

Incompatible

Read/Write

Read/Write

LTO-5 media — encrypted

Incompatible

Read/Write with

Read/Write with encryption

 

 

encryption key

key

LTO-5 media — unencrypted

Incompatible

Read/Write

Read/Write

LTO-5 media — encrypted

Incompatible

Read/Write with

Read/Write with encryption

 

 

encryption key

key

LTO-6 media — unencrypted

Incompatible

Incompatible

Read/Write

LTO-6 media — encrypted

Incompatible

Incompatible

Read/Write with encryption

 

 

 

key

Licensing

The KMIP and ESKM features require that the applicable license for the library be installed before the feature can be enabled and configured.

Table 2 KMIP and ESKM encryption licenses

Libraries

Part number

License name

 

MSL6480

D4T76A

HP StoreEver MSL6480 KMIP 1.2

Key Manager License

 

 

D4T76AAE

HP StoreEver MSL6480 KMIP 1.2

Key Manager E-License

 

 

TC469A

HP StoreEver MSL6480 ESKM Encryption License

 

 

TC469AAE

HP StoreEver MSL6480 ESKM Encryption E-License

1/8 G2 Tape

TC468A

HP StoreEver MSL2024/4048/8096 KMIP License

 

Autoloader

TC468AAE

HP StoreEver MSL2024/4048/8096 KMIP E-License

MSL2024

 

 

 

Considerations for using an encryption key server

5

Image 5
Contents Abstract Warranty Contents HP Enterprise Secure Key Manager Eskm Using an encryption key serverIntroduction Media compatibility for drives supporting encryption Considerations for using an encryption key serverLicensing KMIP-based key serversMSL6480 Installing the encryption licenseHP Enterprise Secure Key Manager Eskm integration Using the Eskm WizardHP Enterprise Secure Key Manager Eskm integration Page HP Enterprise Secure Key Manager Eskm integration Page KMIP-based key server integration Creating the client user name and password on the serverConfiguring the Kmip feature for the MSL6480 Using the Kmip Wizard Configuring the Kmip feature for the MSL6480 KMIP-based key server integration Enrolling the autoloader or library with a Kmip server Set or enter the Kmip security passwordGenerating the client certificate request Entering the Kmip client credentialsSigning the client certificate on the server Installing the signed client certificate---END Certificate Enabling KMIP-based encryption Configuring access to the key serversKMIP-based key server integration MSL6480 Connectivity testAutoloader and other MSL libraries Failover test Basic encryption testPage Typographic conventions Support and other resourcesContacting HP Documentation feedback