Manualshelf

HP StoreEver MSL6480 Tape Library User and Service Guide

ManualsBrandsHP ManualsStorageHP StoreEver MSL6480 Scalable Base Module
51525354555657585960
Configuring the encryption key manager type
The Configuration > Encryption screen displays the available data encryption key manager types
along with the status of each type. Only one encryption manager type can be configured for the
library at a time and it will be used for all tape drives and partitions.
NOTE: Encryption configuration changes cannot be made while media is loaded in any drive
in the library.
To change the configured encryption key manager, select the key manager and then click Submit.
Replicating encryption keys from the MSL Encryption Kit to the HP ESKM
If the library is using the ESKM and reading a tape that was encrypted with a key on an MSL
Encryption Kit token, you can enable key migration to have the encryption key copied to the ESKM
server. When reading an encrypted tape when USB MSL Encryption Kit to HP ESKM migration
is active, the library first attempts to obtain the encryption key from the ESKM server. If the key is
not found on the ESKM server, the library attempts to obtain the key from the currently inserted
encryption kit token. If the key is found on the token, the library submits the key to the ESKM server.
After migration, the key is on both the ESKM and token.
This feature is useful when using a tape with libraries using different encryption key managers or
when changing your site’s encryption key manager strategy from the encryption kit to the ESKM.
NOTE: If you are changing your encryption key management strategy from the encryption kit to
the ESKM, the key replication process can only be considered complete when all pieces of encrypted
media have been cycled through a read cycle in the library and had the corresponding keys
created on the ESKM server. There is not currently a way to replicate all keys on a token nor to
verify that all keys on the token have been replicated on the ESKM server. For this reason, HP
recommends always keeping the token installed in the library and logged in.
To copy encryption keys from an MSL Encryption Kit token to the ESKM, expand the USB MSL
Encryption Kit to HP ESKM Key Migration pane, check USB MSL Encryption Kit to HP ESKM
migration active, enter the token password if requested, and then click Submit.
Configuring use of the MSL Encryption Kit
The Configuration > Encryption > USB MSL Encryption Kit screen displays information about the
token and provides access to enter the token PIN, and configure a new token. Access to this screen
is only available to the security user.
For additional information on using the MSL Encryption Kit, see the HP StoreEver MSL Encryption
Kit User Guide on the HP Business Support website: http://www.hp.com/support/manuals.
NOTE: Only one encryption method is allowed at a time and it is used for the entire library. If
the ESKM is active, the MSL Encryption Kit will not be used.
Entering the token PIN
Figure 15 Entering the token PIN
Configuring the library 59