HP StorageWorks Secure Key Manager pre-installation survey and checklists (AJ087-96009, May 2008)
Planning step: Designate someone to represent the SO and your backup administrator who will be
present during all steps of the SKM configuration, the enrollment of the ETLA libraries, and validation
testing of the HP SKM solution.
Designing the cluster, identifying any cross-geography requirements
The HP SKM is deployed in a minimum configuration of 2 SKM nodes. These nodes may be deployed in
the same or different physical locations. You may, for example, want the nodes to be in different sites
to provide ke
y availability in event of a power outage at one site.
Planning ste
p: If multi-site deployment is needed, HP needs information about both sites before scheduling
the installation.
Obtaining a static IP address for the SKM
The SKM will only accept static IP addresses. If you want to use both network ports on each appliance, you
will need 2 static IP addresses per appliance. IP addresses are typically provided by your IT department.
Planning step: Obtain 1 or 2 static IP addresses per SKM appliance. If you install 2 appliances, you
will need at least 2 — and up to 4— static IP addresses. Also obtain the subnet mask and the default
gateway for each IP address.
Identifying the ETLA libraries and number of LTO4 drives to be used for
encrypti
on
Determine what portion of your backups will be encrypted and provision sufficient LTO4 drives to meet
those req
uirements. If some of the LTO4 tape drives in a library will be used for encryption and others
will not, then the library must be partitioned before the SKM is installed. The HP ETLA libraries may be
configured to contain up to 6 partitions per physical library. Each partition may have a separate key
generation policy that will apply to all LTO4 drives in that partition. For example, if you have 8 LTO4
drives but only want 2 of them to be used for encryption, partition the library so that one partition
contain
s 2 LTO4 drives and the other partition contains the remaining 6 drives. If a library is not
partit
ioned, then all LTO4 drives will be used for encryption after the SKM has been configured.
The num
ber of libraries and LTO4 tape drives dedicated to encrypting backup data will depend on
your business needs.
NOTE:
Partitioning the library is not part of the SKM installation. However, if there will be both encrypting and
non-en
crypting drives in the same tape library, it is necessary to partition the library. Any partitioning
steps
must be complete before the SKM is installed. Consult the users guide for your tape library for
instructions on library partitioning.
Planning steps: Have a list of libraries to be enrolled with the SKM. For each library, have a list of LTO4
drives which will be used for encryption. If there are also LTO4 drives in the libraries which will not be
used for encryption, ensure partitioning is complete before the SKM installation occurs.
Addressing physical installation and security requirements for the SKM
Ensure rack and power requirements are met at each site.
NOTE:
Each node of the SKM cluster requires two (2) power connections to the rack’s power distribution unit.
Due to the size of the secure bezel, the SKM requires 2U of the rack per appliance, 1U for the appliance
and 1U blank below the appliance. HP recommends that a rack blank be installed in the unit directly
below each appliance.
2