HP StorageWorks Secure Key Manager Installation and replacement guide (AJ087-96013, November 2008)

ManualsBrandsHP ManualsStorageEncryption and Key Management

3 Verifying that installation and

initial conﬁ guration is successful

It is crucial to verify the installation and initial conﬁguration. The two tests presented in this section will

verify that the tape backups are being encrypted, and that all nodes in the SKM cluster are accessible to

the ETLA library clients.

Verify that tape backups are being encrypted

This test encrypts data to a scratch tape, then attempts to read that data in a non-encrypting conﬁguration.

The failure to read data veriﬁes that encryption has occurred.

1. Verify that the following prerequisites have been met.

•AllSKMnode

s are successfully installed.

• All SKM nodes are successfully added to the cluster.

• All ETLA library pre-installation steps are complete: hardware and ﬁrmware are updated,

partition

ing is set-up correctly, Secure Manager is licensed and conﬁgured to allow access

to the backup hosts.

• All ETLA libraries are enrolled with the SKM cluster.

• The backup

administrator is present.

• There is at least one scratch tape present in each library. If the library is partitioned, identify

the partition containing the scratch tape.

•Aconsole

is available from which to access the ISV backup software.

• A console is available from which to view the SKM interface.

2. Prepare to conduct the test.

a. Using a s

eparate browser window for each SKM node, log into each of the nodes via the

interfa

ce.

b. For each node (in each browser window), on the Device tab in the Logs and Statistics panel,

select Log Viewer, then select Activity.

c. In the S

how last number of lines ﬁeld, select All, then click Display Log.

d. On a se

parateconsole,logintotheISVsoftwareandensurethatitcanaccesstheLTO4

tape drives to be used in the test.

3. Use the ISV console to load the scratch tape into an LTO4 drive in a partition or library with an

encry

pting (KT or KP) policy, then to format or initialize the tape.

Optio

nally,writeafewrecordstothetapewhichcanberestoredlatertodemonstratethatthe

restoresucceeds.Theinitializationprocessmaybesufﬁcient, if it writes records which may be later

retrieved (timestamps, etc).

4. Use t

he ISV software to read the records from tape, to show that the encrypted data is readable.

5. Using the SKM browser windows, demonstrate that the Activity Log of one SKM contains a new entry

showing a key was created.

6. For each of the other SKM browser windows, select the Security tab, then show the key in the Keys

win

dow to demonstrate that the key has been replicated to each node.

Return to the Activity Log viewer after verifying the replication.

7. Use the ISV console to unload the media to a library slot.

Secure Key Manager