User`s guide

Chapter 7: Encryption Key Management
Configuring Scalar Key Manager (SKM) on the Library
Quantum Scalar i40 and Scalar i80 User’s Guide 183
8 Click Apply.
9 Ensure all ports corresponding to the EKM servers are open on your
firewall to allow the library to connect to the servers. For SKM, ports
80, 6000, and 6001 must be open.
Step 5: Install TLS
Communication
Certificates on the
Library
Depending on when your library was manufactured, TLS certificates may
already be installed. If they are not installed, you must install them. See
Checking and Installing TLS Certificates on page 198 for instructions on
how to verify whether they are installed, and how to install them.
Step 6: Run EKM Path
Diagnostics
Run the Manual EKM Path Diagnostics to be sure the library is
connected properly to both SKM servers. See
Running Manual EKM Path
Diagnostics on page 187 for instructions.
Step 7: Configure
Partitions for Library
Managed Encryption
Encryption on the library is enabled by partition only. You cannot select
individual tape drives for encryption; you must select an entire partition
to be encrypted.
Data written to encryption-supported and encryption-capable media in
EKM-supported tape drives will be encrypted unless data was previously
written to the media in a non-encrypted format. For data to be
encrypted, the media must be blank or have been written to using
Library Managed Encryption at the first write operation at the beginning
of tape (BOT).
Configure the partition(s) as follows:
1 From the Web client, select Setup > Encryption > Partition
Configuration.
A list of all your partitions displays, along with the Encryption
Method for each partition (see
Figure 32).