HP Enterprise Secure Key Manager manual 13

Configuring the KMIP feature for the MSL6480

With the Key Management Interoperability Protocol (KMIP) Wizard you can configure use of KMIP key management servers with the MSL6480 library. Access to the wizard from the Encryption menu on the RMI is only available to the security user and requires that the KMIP license has been added from the Configuration > System > License Key Handling screen.

NOTE: The MSL6480 library only allows one encryption key manager type to be used at a time. For example, if KMIP is enabled and in use, the MSL Encryption Kit cannot also be used for encryption key generation and retrieval.

Before running the wizard, verify that:

•The library configuration is complete, including defining all library partitions.

•The KMIP server is available on the network and has been configured for use with this library.

•All tape drives in the library are empty.

•The KMIP server management user interface is open and ready for use. The server user interface and library RMI are used together to configure the library for KMIP.

•The KMIP license has been installed in the library. For licensing information and instructions on installing the license, see “Licensing” (page 5).

To configure the KMIP feature:

1.Install and configure the key servers. See the vendor’s product documentation for details. Collect the IP address of each server.

2.Create a local CA and server certificate on the key server. See the vendor’s product documentation for details.

Collect the filename of the CA certificate (a file with a crt extension).

3.Set up a new client user account for the library. See “Creating the client user name and password on the server” (page 12).

Collect the account user name and password.

4.Use the KMIP Wizard to enroll the library with the KMIP server. See “Using the KMIP Wizard” (page 14).

5.If using the ESKM 4.0 server with the KMIP protocol, in the ESKM 4.0 user interface, navigate to the Properties tab for the user associated with the library and then check Enable KMIP.

Configuring the KMIP feature for the MSL6480 13