HP StorageWorks Secure Key Manager Installation and replacement guide (AJ087-96013, November 2008)

3. Enter information in the Create Key section of the window as shown:

• Type the desired key name in Key Name. For example, EML_24uMaster.Thismustexactly

match the name entered in the Attribute Value for the KeyGenPolicy ﬁeld in step 12c of the

previous pr

ocedure.

• Type the library username, from step 5 above, in Owner Username.

• Use the default value for Algorithm which is AES-256.

• Select Del

etable.

• Select Exportable.

•UsethedefaultCopy Group Permissions From which is [None].

Create a ke

y sharing group so ETLA libraries can share keys.

IMPORTANT:

Perform this procedure now, even if you do not currently plan to share keys. If the library's username is

not added to a group at this point, the keys generated by the library can never be used by other libraries.

Adding th

e username to a group later will not enable key sharing with this (username) library.

Encrypted media may be exported from one library in the group and imported to another for decryption.

You must have at least one local group and you may have additional groups for more complex sharing

requirements.

To create a key sharing group:

1. Select the Security tab.

2. In the Users & LDAP menu, select Local Users & Groups.

3. Under User & Group Conﬁguration scroll to the Local Groups section.

4. Click Add.

5. Type the name of the group in the edit ﬁeld. For example, MainDataCenter.

6. Selectthenameofthenewgroup.

7. Under User List,clickAdd.

8. Type the username of the library client to be added to the group. Or select the library name from

the list.

9. Click Save.

Enrolling the library clients

Use the conﬁguration wizard on the Command View Tape Library to enroll the library client with the SKM.

Repeat this section for each library to be enrolled.

1. If necessary, log onto the Command View Tape Library as the Security Ofﬁcer.

2. Select and manage the library to be enrolled.

Secure Key Manager