Manualshelf

HP StorageWorks Secure Key Manager Installation and replacement guide (AJ087-96013, November 2008)

ManualsBrandsHP ManualsStorageEncryption and Key Management
31323334353637383940
1. Verify that the following prerequisites have been met.
All SKM nodes are successfully installed.
All SKM nodes are successfully added to the cluster.
All ETLA library pre-installation steps are complete: hardware and rmware are updated,
partitioning is set-up correctly, Secure Manager is licensed and congured to allow access
to the backup hosts.
All ETLA libraries are enrolled with the SKM cluster.
•TheprocedureinVerify that tape backups are being encrypted is successfully completed.
The backup administrator is present.
There is at least one scratch tape present in each library. If the library is partitioned, identify
the partition containing the scratch tape.
There is a console available from which to access their ISV backup software.
There is a console available from which to view the SKM interface.
There is a console available from which to view Command View TL.
2. Prepare to conduct the test.
a. Using a separate browser window for each SKM node, log into each of the nodes via the
interface.
b. For each node (in each browser window), on the Device tab in the Logs and Statistics panel,
select Log Viewer, then select Activity.
c. In the Show last number of lines eld, select All, then click Display Log.
d. Log in to the ISV software and ensure that it can access the LTO4 tape drives to be used in the test.
3. Using Command View TL, rerun the SKM Wizard and remove all but one of the SKM IP addresses
that were congured during installation.
The Interface Manager reboots at the end of this step. Reboot takes less than 5 minutes.
4. Use the ISV software to load the tape (from the procedure in Verify that tape backups are being
encrypted)intoanLTO4drive,thenreadthedata.
The read operation will be successful. This veries that the key is available on the single node,
that the path to the node is operational, and the library client’s certicates and credentials at that
node are correct.
5. Unload the cartridge.
6. Repeat the above steps for each node in the SKM cluster.
7. After all nodes are proven to be accessible, recongure the ETLA with the original IP addresses
8. Reboot the Interface Manager.
If the procedure fails for one node, the most likely cause is an issue with the server certicate on that
node. Review the steps in Creating the SKM server certicate.Eachnodehasitsownservercerticate,
butthesemusthavethesamenameandmustallbesignedbythesameCA.
Secure Key Manager
35