ww
w
.d
el
l.c
om |
s
u
ppo
rt.
de
ll.
co
m
4
Setting Up Encryption On the Library
Step 1: Installing a License Key
NOTE:
Ensure that both your library and tape drive firmware are updated to the latest released versions. The latest
firmware and installation instructions are available on
www.support.dell.com
.
1
Obtain a license key for encryption, following the instructions on the
License Key Certificate
you received.
2
Do one of the following:
•
From the operator panel, select
Setup > Licenses
.
•
From the Web client, select
Setup > License
.
3
Enter the new license key.
4
Click
Apply
.
A progress window displays, showing time elapsed. When complete, a green
Success
message appears, and
the status changes to “Operation Succeeded.” Encryption is now listed as a feature on the screen. (If a
Failure
message appears, you may have entered an incorrect license key.)
5
Click
Close
.
Step 2: Configuring Encryption Settings and Key Server Addresses
1
Unload tape cartridges from all encryption-capable tape drives in the library.
2
From the Web client, select
Setup > Encryption > System Configuration
.
3
Automatic EKM Path Diagnostics
: Enable or disable this feature and set the test interval as desired. You
may also specify the number of consecutive missed test intervals required to generate a RAS ticket. For
more information, see Automatic EKM Path Diagnostics on page 9.
4
Secure Sockets Layer (SSL)
: To enable SSL for communication between the library and the EKM key
servers, select the
SSL Connection
checkbox. The default is Disabled. If you enable SSL, you must make
sure that the
Primary
and
Secondary Key Server Port Numbers
(see below) match the SSL port numbers
set on the EKM key servers. The default SSL port number is 443.
NOTE:
Keys are always encrypted before being sent from the EKM key server to a tape drive, whether SSL is enabled or
not. Enabling SSL provides additional security.
5
In the
Primary Key Server IP Address or Host
text box, enter either:
•
The IP address of the primary key server (if DNS is not enabled), or
•
The host name of the primary key server (if DNS is enabled)
6
Enter the port number for the primary key server into the
Primary Key Server Port Number
text box. The
default port number is 3801 unless SSL is enabled. If SSL is enabled, the default port number is 443.
NOTE:
If you change the port number setting on the library, you must also change the port number on the key server to
match or EKM will not work properly.
7
If you are using a secondary key server for failover purposes, enter the IP address or host name of the
secondary key server into the
Secondary Key Server IP Address or Host
text box.
NOTE:
If you do not plan to use a secondary key server, you may type a zero IP address, 0.0.0.0, into the
Secondary Key Server IP Address or Host
text box, or you may leave the text box blank.
8
If you configured a secondary key server (previous step), enter the port number for the secondary key server
into the
Secondary Key Server Port Number
text box. The default port number is 3801 unless SSL is
enabled. If SSL is enabled, the default port number is 443.
NOTE:
If you are using a secondary key server, then the port numbers for both the primary and secondary key servers
must be set to the same value. If they are not, synchronization and failover will not occur.
9
Click
Apply
.