www
.de
ll
.co
m | sup
port.d
ell
.c
om
3
READ THIS FIRST - How To Set Up Dell Encryption
Key Manager On Your PowerVault™ ML6000
(English)
About Cautions
CAUTION:
A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
Purpose of This Document
The Dell Encryption Key Manager (EKM) is a centralized key manager application that manages the encryption
keys used as part of the IBM LTO-4 and IBM LTO-5 drive-based data encryption process. Library-managed
encryption is an optional, licensed feature that must be enabled from the PowerVault ML6000 library in order to
begin encrypting data using the LTO-4/LTO-5 tape drive encryption capabilities.
The Dell EKM is an IBM Java software program that assists encryption-enabled tape drives in generating,
protecting, storing, and maintaining encryption keys that are used to encrypt information being written to, and
decrypt information being read from, tape media. Policy control and keys pass through the library; therefore,
encryption is transparent to the applications.
For more information about installing and configuring the EKM server and Dell EKM best practices, please refer
to the
Dell PowerVault Encryption Key Manager User’s Guide
and the
Dell Encryption Key Manager and Library
Managed Encryption Best Practices and FAQ
fact sheet.
NOTE:
In order for Dell EKM to work properly, you must upgrade both your library and tape drive firmware to the latest
released versions. The latest firmware and installation instructions are available on
http://support.dell.com
.
Supported Tape Drives and Media
Library managed encryption on the PowerVault ML6000 supports encryption only on LTO-4 and LTO-5 data
cartridges using IBM LTO-4 and LTO-5 Fibre Channel and SAS tape drives. ML6000 library managed
encryption does not support encryption on other tape drive types or manufacturer brands, even if they are
assigned to a partition selected for encryption. Other media types (for example, LTO-3) can be read, but not
encrypted, by tape drives enabled for library managed encryption.
Installing the Dell EKM on a Server
You must supply a server or servers on which to install the Dell EKM. When you purchase library managed
encryption, you receive a CD which contains the software to install on the server, along with installation
instructions and a user’s guide. You must set up your EKM server(s) and install your license key before you can
set up EKM on your library.
NOTE:
Since the Dell PowerVault ML6000 library needs to communicate with the EKM server in real time when reading
from or writing to an encryption-enabled tape drive, it is strongly recommended that you use both a primary and
secondary EKM server. This way, if the primary server is unavailable at the time the library needs encryption
information, the secondary server can handle the request. The Dell PowerVault ML6000 library allows you to use up to
two EKM servers for failover/redundancy purposes.