User's Manual

ManualsBrandsQuantum ManualsNetwork RouterScalar i500

Setting Up Quantum Encryption Key Manager on Your Scalar i500 Library

Document 6-01601-04

March 2010

2 Setting Up Q-EKM On the Library

Setting Up Q-EKM On the Library 0

Step 1: Upgrade Firmware 0 Upgrade your library and tape drive firmware to the latest released versions.

Step 2: Install the License

Key on the Library

1 Obtain a license key for encryption, following the instructions on the License Key

Certificate you received.

2 Do one of the following:

• From the operator panel, select

Setup > Licenses.

• From the web client, select

Setup > License.

3 Enter the new Q-EKM license key.

4 Click

Apply.

A progress window displays, showing time elapsed. When complete, a green

Success

message appears, and the status changes to “Operation Succeeded.” Encryption Key

Management (EKM) is now listed as a feature on the screen. (If a

Failure message

appears, you may have entered an incorrect license key—try again.)

5 Click

Close.

Step 3: Install Q-EKM on a

Server or Servers

You must supply a server or servers on which to install Q-EKM. Quantum Field Services

will schedule an appointment to install the software and configure your servers.

Step 4: Configure

Encryption Settings and

Key Server Addresses

Make sure you complete all steps above before proceeding.

1 Unload tape cartridges from all encryption-capable tape drives in the library.

2 From the web client, select

Setup > Encryption > System Configuration.

Key Server Type: If this field is visible, select Q-EKM from the drop-down list.

Automatic EKM Path Diagnostics: Enable or disable this feature and set the test

interval as desired. You may also specify the number of consecutive missed test

intervals required to generate a RAS ticket. For more information, see Automatic

EKM Path Diagnostics on page 7.

Note: Since the i500 library needs to communicate with the Q-EKM server in

real time when reading from or writing to an encryption-enabled drive,

it is strongly recommended that you use both a primary and secondary

Q-EKM server. This way, if the primary server is unavailable at the

time the library needs encryption information, the secondary server

can handle the request. The Scalar i500 library allows you to configure

up to two Q-EKM servers for redundancy/failover purposes.