Configuring the KMIP feature for the 1/8 G2 Tape Autoloader and other MSL Tape Libraries

The EBS Matrix lists the compatible KMIP server models, the server vendors, and links to primary documents those vendors provide.

Table 3 Enrolling the autoloader or library with a KMIP server

 

 

Primary documents providing

Step

Description of task

more detail

1Install and configure the key servers. Server vendor’s product documentation

2

Create a local CA and server

Server vendor’s product

 

certificate on the key server.

documentation

3

Set up a new client user account for

“Creating the client user name

 

the autoloader or library.

and password on the server”

 

 

(page 12)

Comment

Collect the IP address of each server.

Collect the filename of the CA certificate (a file with a crt extension).

Collect the account username and the account password.

4

Install the library license.

5Set or enter the KMIP security password in the RMI.

6Enter the KMIP Client Credentials in the RMI.

7Generate the autoloader or library client certificate.

8Sign the client certificate.

9Install the signed client certificate in the RMI.

If using ESKM 4.0, also copy the signed certificate to the ESKM 4.0 client.

10Configure the accessible key servers for the autoloader or library.

11Enable KMIP-based encryption for the autoloader or library.

12Verify that the KMIP encryption feature is working.

“Licensing” (page 5)

“Set or enter the KMIP security password” (page 17)

“Entering the KMIP client credentials” (page 18)

“Generating the client certificate request” (page 18)

“Signing the client certificate on the server” (page 19)

“Installing the signed client certificate” (page 19)

“Configuring access to the key servers” (page 21)

“Enabling KMIP-based encryption” (page 21)

“Verifying that the encryption key server integration is working” (page 23)

The user name will also be used to generate the client certificate.

Enter the IP addresses from step 1.

NOTE: HP supplies the ESKM server but does not supply other KMIP servers. If you are not familiar with configuring KMIP servers, please contact your KMIP server vendor.

Set or enter the KMIP security password

In the RMI Configuration: Security page, enter the KMIP security password, which is required for modifying the KMIP configuration.

Configuring the KMIP feature for the 1/8 G2 Tape Autoloader and other MSL Tape Libraries 17

Page 16 Page 18
Page 17
Image 17
HP Enterprise Secure Key Manager manual Set or enter the Kmip security password
Page 16 Page 18
Top Page Image Contents