HP Enterprise Secure Key Manager 2 HP Enterprise Secure Key Manager (ESKM) integration

2 HP Enterprise Secure Key Manager (ESKM) integration

The MSL6480 library supports integration of all versions of the ESKM using the ESKM protocol. Integration with the ESKM allows encryption keys and encrypted tapes to be shared with the ESL G3 and other tape libraries that support the ESKM.

NOTE: If you are using ESKM 4.0 with the KMIP protocol, see the configuration instructions in “KMIP-based key server integration” (page 12).

With the ESKM Wizard you can configure use of the HP Enterprise Secure Key Management server with the MSL6480. Access the wizard from the Encryption menu on the RMI, which is only available to the security user and requires that the ESKM license has been added from the Configuration > System > License Key Handling screen. For licensing information, see “Licensing” (page 5).

NOTE: The library only allows one encryption key manager type to be used at a time. For example, if ESKM is enabled and in use, the MSL Encryption Kit cannot also be used for encryption key generation and retrieval.

For additional information on configuring ESKM for use with the library, see the HP Enterprise Secure Key Manager Configuration Guide for HP Tape Libraries.

Before running the wizard, verify that:

•The library configuration is complete, including defining all library partitions.

•A 2048-bit server certificate for each HP ESKM device in the cluster has been created.

•The ESKM server certificate has been signed by the Certificate Authority (CA) you intend to use and has been installed on the ESKM.

•SSL is enabled on the ESKM KMS server.

•The HP ESKM Management Console is open and ready for use. The ESKM Management Console and library RMI are used together to configure the library for ESKM.

•All tape drives are empty.

•The necessary license has been installed in the library. For licensing information and instructions on installing the license, see “Licensing” (page 5).

Using the ESKM Wizard

1.From the MSL6480 RMI, click Encryption→ESKM Wizard to start the wizard.

2.The Wizard Information screen displays information about the wizard. If the library configuration is complete, click Next.

3.The Certificate Authority Information screen displays prerequisites for using the ESKM certificate. When the prerequisites are met, click Next.

4.The Certificate Authority Certificate Entry screen displays instructions for obtaining the certificate for the ESKM server. Follow the instructions to copy the certificate from the management console. Paste the certificate into the wizard and then click Next.

7