If you want different partitions to use different EKM key servers, fill in the Library Managed Encryption Server Overrides section as described in this step. The settings in the overrides section supersede the default settings listed in the Setup > Encryption > System Configuration screen. (However, the overrides settings do not change the settings listed in the Setup > Encryption > System Configuration screen. Those settings are the default configuration settings for any partition that does not use overrides.) Overrides are only available on partitions that have Library Managed set as the encryption method.
CAUTION: Only fill in the overrides section if you want different partitions to use different EKM key servers. Otherwise, leave this section alone and allow the values from the Setup > Encryption > System Configuration screen to populate these fields. Once you make any changes to the overrides section, the default values from the Setup > Encryption > System Configuration screen will no longer automatically populate these fields. If you want to return to the default settings after changing the overrides, you must enter them manually.
For each partition that has Library Managed as the encryption method, do the following:
• Type the IP address (if DNS is not enabled) or the host name (if DNS is enabled) of the primary EKM key server in the Primary Host text box.
• Type the port number for the primary EKM key server into the Port text box. The default port number is 3801, unless SSL is enabled. If SSL is enabled, the default port number is 443.
• If you are using a secondary EKM server, type the address/host name and port number of the secondary EKM key server in the Secondary Host and Port text boxes.
• Select the SSL checkbox if you want to enable Secure Sockets Layer (SSL) for communication between that partition and the EKM servers. The default is Disabled. If you enable SSL, you must make sure that the primary and secondary EKM port numbers in the overrides section match the SSL port numbers set on the EKM servers. The default SSL port number is 443.
NOTE: Keys are always encrypted before being sent from the EKM server to a tape drive, whether SSL is enabled or not. Enabling SSL provides additional security.
NOTE: Restriction on EKM servers used for overrides: If you are using primary and secondary servers for overrides, the following restriction applies. (If you are not using a secondary server, there are no restrictions.)
Restriction: A given primary server and secondary server must be “paired” and cannot be used in different combinations. For example:
• You can have Server1 as primary and Server2 as secondary for any or all partitions.
• If Server1 is primary and Server2 is secondary on one partition, then in any other partition that you use Server1, Server1 can only be primary and it must be “paired” with Server2 as secondary. You cannot have Server1 as primary and Server3 as secondary on another partition.
• You cannot have Server1 be both primary on PartitionA and secondary on PartitionB.
• You cannot have Server2 be both secondary on PartitionA and primary on PartitionB.
If you use overrides, make sure that you install Dell EKM on all the servers you specify. Then run the Manual EKM Path Diagnostics on each tape drive in every partition configured for EKM to make sure that each tape drive can communicate with and receive keys from the specified EKM key server. For more information, see Using EKM Path Diagnostics on page 7.
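The pairing restriction and default-port guidance above can be checked before the settings are typed into the overrides section. The following is an added example, not part of the Dell documentation: the Override record, its field names and the sample partitions are assumptions. Partitions without a secondary server are exempt from the pairing check (per the note that no restrictions apply in that case), while a server's role is still tracked across all partitions.

```python
from collections import namedtuple

# Hypothetical record of one partition's override fields (not a Dell export format).
Override = namedtuple("Override", "partition primary secondary ports ssl")

def check_overrides(overrides):
    """Return findings for the pairing rule and likely SSL/port mismatches."""
    findings = []
    role_of = {}     # server -> (role, partition where first seen)
    partner_of = {}  # server -> (paired server, partition where first seen)

    def record(table, server, value, part, what):
        first_value, first_part = table.setdefault(server, (value, part))
        if first_value != value:
            findings.append(f"{server}: {what} {first_value} on {first_part}, "
                            f"{value} on {part}")

    for o in overrides:
        record(role_of, o.primary, "primary", o.partition, "role")
        if o.secondary:  # pairing only applies when a secondary is configured
            record(role_of, o.secondary, "secondary", o.partition, "role")
            record(partner_of, o.primary, o.secondary, o.partition, "paired with")
            record(partner_of, o.secondary, o.primary, o.partition, "paired with")
        for port in o.ports:
            # Heuristic: the page's defaults are 3801 without SSL, 443 with SSL.
            if (o.ssl and port == 3801) or (not o.ssl and port == 443):
                findings.append(f"{o.partition}: port {port} with SSL "
                                f"{'on' if o.ssl else 'off'}, check server port")
    return findings

# Constructed sample: PartitionC breaks the pairing, PartitionD the role rule.
SAMPLE = [
    Override("PartitionA", "Server1", "Server2", (3801, 3801), False),
    Override("PartitionB", "Server1", "Server2", (3801, 3801), False),
    Override("PartitionC", "Server1", "Server3", (3801, 3801), False),
    Override("PartitionD", "Server2", None, (3801,), True),
]

if __name__ == "__main__":
    for line in check_overrides(SAMPLE):
        print(line)
```

The port finding is only a hint based on the default values; the authoritative check is that the port matches what is set on the EKM server, confirmed with the Manual EKM Path Diagnostics.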
5 Click Apply.
The Progress Window appears. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:
• If Success appears in the Progress Window, the EKM system settings were successfully configured. Click Close to close the Progress Window.
Unsupported: Means that no tape drives in that partition support encryption. If Unsupported is shown, it will be greyed out and you will not be able to change the setting.