HP StorageWorks Secure Key Manager Installation and replacement guide (AJ087-96013, November 2008)
A SKM pre-installation survey and
checklist, for connecting to ETLAs
Use the survey and checklist to establish system-wide information and ensure proper configuration for
the SKM and the Enterprise Tape Libraries with Extended Tape Library Architecture (ETLAs) to which the
system is attached. This must be done before beginning system installation to ensure success.
SKM pre-installation survey
The survey identifies critical information HP needs to install and configure the HP Secure Key Manager
(SKM). The survey also identifies prerequisites that must be in place prior to installation (for example,
ETLA library firmware versions and configurations), even though they are not part of the HP SKM
installati
on service. Finally, the survey includes areas which you should consider prior to installation in
order to ensure your security policies are not subject to disruption, and can continue to function without
interruption if a disruption does occur. This includes reviewing site requirements and guidelines for
planning backups of the SKM.
NOTE:
Standard i
nstallation consists of installing two appliances and enrolling one ETLA Tape Library at
one location. Requirements exceeding the standard service, such as installing additional appliances,
enrolling multiple ETLA Tape Libraries, complex or custom implementation, or integration activities can
be accommo
dated at additional cost.
Sourcing the SKM security offi cer (SO) role and ensuring installation support
TheSOrolewilldefi ne and oversee the security policies for your data center, or even for the enterprise. If
you already have an SO and security polices, they will define how the SKM integrates and enhances
those policies. With HP’s SKM and ETLA tape libraries, the SO may be responsible for ensuring
the installation meets your company’s business objectives. This includes ensuring the correct libraries
and drives are selected for encryption, and selecting the appropriate key generation policies for your
business. After installation, the SO may be responsible for auditing those policies, and determining when
policy changes are needed.
During installation someone representing your SO and your backup administrator must be present
to enter passwords and answer any security-related and company-related questions that arise. After
installation, they will also initiate tests HP has defined which will initialize, write, and read some scratch
LTO4 media using your backup application.
Planning step: Designate someone to represent the SO and your backup administrator who will be
present during all steps of the SKM configuration, the enrollment of the ETLA libraries, and validation
testing of the HP SKM solution.
Designing the cluster, identifying any cross-geography requirements
The HP SKM is deployed in a minimum configuration of 2 SKM nodes. These nodes may be deployed in
the same or different physical locations. You may, for example, want the nodes to be in different sites
to provide key availability in event of a power outage at one site.
Planning step: If multi-site deployment is needed, HP needs information about both sites before scheduling
the installation.
Secure Key Manager
37