HP manual HP Enterprise Secure Key Manager Eskm integration, Using the Eskm Wizard

Page 7

2 HP Enterprise Secure Key Manager (ESKM) integration

The MSL6480 library supports integration of all versions of the ESKM using the ESKM protocol. Integration with the ESKM allows encryption keys and encrypted tapes to be shared with the ESL G3 and other tape libraries that support the ESKM.

NOTE: If you are using ESKM 4.0 with the KMIP protocol, see the configuration instructions in “KMIP-based key server integration” (page 12).

With the ESKM Wizard you can configure use of the HP Enterprise Secure Key Management server with the MSL6480. Access the wizard from the Encryption menu on the RMI, which is only available to the security user and requires that the ESKM license has been added from the Configuration > System > License Key Handling screen. For licensing information, see “Licensing” (page 5).

NOTE: The library only allows one encryption key manager type to be used at a time. For example, if ESKM is enabled and in use, the MSL Encryption Kit cannot also be used for encryption key generation and retrieval.

For additional information on configuring ESKM for use with the library, see the HP Enterprise Secure Key Manager Configuration Guide for HP Tape Libraries.

Before running the wizard, verify that:

The library configuration is complete, including defining all library partitions.

A 2048-bit server certificate for each HP ESKM device in the cluster has been created.

The ESKM server certificate has been signed by the Certificate Authority (CA) you intend to use and has been installed on the ESKM.

SSL is enabled on the ESKM KMS server.

The HP ESKM Management Console is open and ready for use. The ESKM Management Console and library RMI are used together to configure the library for ESKM.

All tape drives are empty.

The necessary license has been installed in the library. For licensing information and instructions on installing the license, see “Licensing” (page 5).

Using the ESKM Wizard

1.From the MSL6480 RMI, click EncryptionESKM Wizard to start the wizard.

2.The Wizard Information screen displays information about the wizard. If the library configuration is complete, click Next.

3.The Certificate Authority Information screen displays prerequisites for using the ESKM certificate. When the prerequisites are met, click Next.

4.The Certificate Authority Certificate Entry screen displays instructions for obtaining the certificate for the ESKM server. Follow the instructions to copy the certificate from the management console. Paste the certificate into the wizard and then click Next.

7

Page 6 Page 8
Image 7
Page 6 Page 8
Contents Abstract Warranty Contents Introduction Using an encryption key serverHP Enterprise Secure Key Manager Eskm KMIP-based key servers Considerations for using an encryption key serverMedia compatibility for drives supporting encryption LicensingMSL6480 Installing the encryption licenseHP Enterprise Secure Key Manager Eskm integration Using the Eskm WizardHP Enterprise Secure Key Manager Eskm integration Page HP Enterprise Secure Key Manager Eskm integration Page KMIP-based key server integration Creating the client user name and password on the serverConfiguring the Kmip feature for the MSL6480 Using the Kmip Wizard Configuring the Kmip feature for the MSL6480 KMIP-based key server integration Enrolling the autoloader or library with a Kmip server Set or enter the Kmip security passwordGenerating the client certificate request Entering the Kmip client credentialsSigning the client certificate on the server Installing the signed client certificate---END Certificate Enabling KMIP-based encryption Configuring access to the key serversKMIP-based key server integration MSL6480 Connectivity testAutoloader and other MSL libraries Failover test Basic encryption testPage Contacting HP Support and other resourcesTypographic conventions Documentation feedback
Top Page Image Contents