Manualshelf

HP StorageWorks Secure Key Manager Installation and replacement guide (AJ087-96013, November 2008)

ManualsBrandsHP ManualsStorageEncryption and Key Management
31323334353637383940
8. Temporarily disable the encryption policy
a. In one of the SKM browser windows, select the Security tab.
b. In the User and LDAP pane, select Local Users and Groups.
c. Select the username of the library client being tested.
d. Select the Custom Attributes tab, then click Edit.
e. For the partition containing the scratch tape, change the policy to NE (No Encryption).
f. Click Save.
9. Demonstrate that the policy change was replicated.
a. Return to the Activity Log display.
b. In each of the other SKM browser windows, view the Custom Attributes of the library client.
The policy will show NE.
c. Return to the Activity Log display.
10. Use the ISV console to load the scratch tape into an LTO4 drive in the same partition and attempt
to read the records written to the tape earlier in this procedure.
NOTE:
If possible, use a different drive in the partition to further demonstrate that all drives in the
partition have the same policy.
This operation will fail because the encryption policy is temporarily disabled.
11 . Note the error message that displays. This will be the error message that this ISV uses when
encrypted tapes are placed in non-encrypting drives.
12. Re-enable the encryption policy using the method in Step 8 and changing the policy to the original
setting.
NOTE:
Review the changes to ensure the policies for each partition are correct.
13. In each of the SKM browser windows, view the custom attributes for the library to verify that the
policy c
hanges were replicated to each node.
14. Use the
ISV to load the tape into an LTO4 drive in the same partition, preferably the same drive used
in Step 10 and read the records written to the tape earlier in this procedure.
This operation will succeed because the encryption policy has been re-enabled.
15. Unload
the tape.
16. Using the Activity Log viewers, demonstrate that one of the SKM nodes has now logged a key export.
If this test fails, the most likely cause of the failure is an incorrectly entered or missing KeyGenPolicy. See
Enrolling ETLA libraries with the SKM. You can also rerun the connectivity test in the Command View
Wizar
d.
Verify all nodes of the SKM cluster are accessible to ETLA
libraries
This test temporarily congures the ETLA library so that only one SKM node is visible at a time, then tests
that each node in the cluster can read an encrypted tape.
34
Verifying that installation and initial conguration is successful