Chapter 7 Encryption Key Management
Configuring Encryption Key Management on the Library
Scalar i500 User’s Guide 176
4 Interval — If Automatic EKM Path Diagnostics is enabled, select the
interval at which the library performs the diagnostics.
5 Test Warning Threshold — For Q-EKM only. If Automatic EKM
Path Diagnostics is enabled, specify the number of consecutive
missed test intervals required to generate a RAS ticket.
6 SSL Connection — Enable or disable as follows, depending on which
key server you are using:
• Q-EKM — To enable SSL for communication between the library
and the EKM servers, select the SSL Connection check box. The
feature is disabled by default. If you enable SSL, you must make
sure that the port numbers listed in the Port text boxes (below)
match the SSL port numbers set on the Q-EKM servers. The
default SSL port number is 443.
• SKM — SSL is always enabled. The SSL port number is always
6000.
• KMIP Key Manager — SSL is always enabled.
7 Key Server IP Address or Host Name — In the text boxes, assign
your key servers in the order in which you want failover to occur.
The “#” column denotes the server failover order. Once you add the
servers, you can change the failover order by clicking the up/down
arrow buttons in the Order column.
Note: Keys are always encrypted before being sent from the
Q-EKM key server to a tape drive, whether SSL is
enabled or not. Enabling SSL provides additional
security.
Note: For SKM and KMIP Key Manager, the library actually
uses Transport Layer Security (TLS), a more secure
successor to SSL, to communicate with the
encryption servers.
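
The port-matching requirement in step 6 and the failover order in step 7 can be checked from an administrator workstation before the settings are entered on the library. The following is an added example, not part of the guide or of any Quantum tool: it probes each key server in failover order and reports whether the configured port completes a TLS handshake. The function names, the `cafile` parameter and the host names are assumptions made for illustration; the KMIP port is not stated on this page and must be supplied by the caller.

```python
import socket
import ssl

# Port facts from the guide: Q-EKM defaults to 443 when SSL is enabled; SKM always uses 6000.
DEFAULT_TLS_PORT = {"Q-EKM": 443, "SKM": 6000}


def probe_tls(host, port, cafile=None, timeout=5.0):
    """Return (status, detail) for one key server port.

    status: "tls_ok", "tls_cert_untrusted", "not_tls" or "unreachable".
    """
    # Verifies the chain against cafile (or system CAs) but not the host name,
    # because servers may be listed by IP address.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return "tls_ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "tls_cert_untrusted", exc.verify_message
    except ssl.SSLError as exc:
        return "not_tls", exc.reason or str(exc)
    except OSError as exc:
        return "unreachable", str(exc)


def check_failover_list(servers, port, cafile=None, timeout=5.0):
    """Probe servers in failover order; return (results, first_usable_host)."""
    results = []
    first_usable = None
    for order, host in enumerate(servers, start=1):
        status, detail = probe_tls(host, port, cafile, timeout)
        results.append((order, host, status, detail))
        if status == "tls_ok" and first_usable is None:
            first_usable = host
    return results, first_usable


if __name__ == "__main__":
    # Constructed host names; replace with the entries from the library's server list.
    servers = ["ekm-primary.example.internal", "ekm-secondary.example.internal"]
    results, usable = check_failover_list(servers, DEFAULT_TLS_PORT["SKM"])
    for order, host, status, detail in results:
        print(f"#{order} {host}: {status} ({detail})")
    print("first usable server:", usable)
```

A `not_tls` result on a Q-EKM server usually means the port entered is the server's non-SSL port; `tls_cert_untrusted` means the handshake reached TLS but the certificate chain did not validate against the supplied CA file.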