HP StorageWorks Secure Key Manager Installation and replacement guide (AJ087-96013, November 2008)

ManualsBrandsHP ManualsStorageEncryption and Key Management

Setting up SKM cl

ient accounts for each tape library

NOTE:

An Advanced Secure Manager license is required on each ETLA library to be enrolled with the SKM.

Ensure that all

ETLA libraries which will use the SKM are in green status before setting up their client

accounts.

The HP ETLA tape libraries must have LTO4 tape drives installed, and the library and its components must

have ﬁrmware versions that support the key management feature. See the pre-installation survey for the

speciﬁc ﬁrmware versions required. Instructions for obtaining and updating ﬁrmware can be found in

the library's

user and service guide.

In the following steps, key generation policies are assigned per library partition or per physical library if

there are no partitions. Consider partitioning the library if any of the following are true:

• If your key gen

eration policy requires more than one key for a single library, the library must be

partitioned

before setting up the SKM client account for that library.

• If the library contains a mixture of tape drive technologies, HP recommends creating separate

partitions for each drive type. A tape library can be divided into as many as six partitions, with a

minimum of one drive per partition. Only LTO-4 drives can be conﬁgured for encryption.

For more information on partitioning ETLA libraries, see h

ttp://www.hp.com/go/ebs.Fromthegray

box on the right side of the screen, select EBS Whitepapers & Implementation Guides.

Under Libr

ary Partitioning, select "

Partitioning in an EBS Environment Implementation Guide

Repeat this section for each library to be enrolled in the SKM.

In the following steps you will need the serial number of the ETLA library to be enrolled as an SKM client.

If the library is partitioned, you will need the serial number of each partition. The library serial number

is available from Command View TL. Select and manage the library to be enrolled. Click the Identity

tab. Thelibraryserialnumberisshownatthebottomofthescreen.

Partition serial numbers are also available from Command View TL. Select and manage the library to

be enrolled. Click the Conﬁguration tab. In the left-hand section of the window, click Partitioning.The

library partitions are shown in the Partitioning section of the window to the right. For each partition,

right-click the name of the partition and select Properties. The partition serial number is shown near the

top of the Properties window.

TIP:

If you have Command View TL open in a separate browser window, you can copy and paste the serial

numbers from Command View to the SKM console.

To set up the accounts for each tape library, perform the following steps:

1. Ensure that the library has the minimum ﬁrmware revisions speciﬁed on the pre-installation survey.

Also ensure that any necessary library partitions have been conﬁgured.

2. If necessary, login as admin to the SKM management console.

3. In the Users & LDAP menu, click Local Users & Groups.

4. Below the Local Users section, click Add.

5. Type the library's username and a password into the appropriate ﬁelds. The username may be any

value, but must be unique for each ETLA library.

6. Click Save.

7. Selectthenewlycreatedusernamefromthelistoflocalusers.

8. Click Properties.

9. Click the Custom Attributes tab.

Secure Key Manager