manualshive.com logo in svg

Quantum Scalar i6000, Быстрый старт

Поделиться
Скачать
Quantum Scalar i6000 Скачать руководство пользователя страница 16

Q

UANTUM

 S

CALAR

 

I

6000 & S

AFE

N

ET

 K

EY

S

ECURE

 Q

UICK

 S

TART

 G

UIDE

19

9

Select the KMIP link. 

10

View the Cryptographic Key Server Properties. Click 

Edit

 to alter any values.

The available fields are:

-

IP

 - IP address(es) on which the key server is enabled on the KeySecure. We strongly recommend 

that you select a 

specific

 IP address rather than using 

[All]

. If you have multiple IP addresses 

available, using a single address here enables the key server to listen for traffic on only one IP 
address. This can greatly reduce system vulnerability to outside attacks.

-

Port

 - port on which the key server is listening for client requests. We recommend 5696 for KMIP. 

-

Use

 

SSL

 - required for KMIP.

-

Server

 

Certificate

 - must point to a server certificate signed by a local CA.

-

Connection

 

Timeout (sec)

 - specifies how long a client connect can remain idle before the key 

server begins closing them. The default value is 3600, which is also the maximum.

-

Allow

 

Key

 

and

 

Policy

 

Configuration

 

Operations

 - when enabled, the key server allows the 

following actions:

key creation and deletion

key import

-

Allow

 

Key

 

Export

 - when enabled, the key server allows key export.

11

View the Authentication Settings. Click 

Edit

 to alter any values. KMIP clients must provide certificates 

to connect to the KeySecure, which means the KeySecure must have access to signing CA to verify 
the certificate.

Содержание Scalar i6000

Страница 1: ...ne at a time as needed upon request This document summarizes the information available in the quick start and user guides that accompany your Quantum Scalar i6000 library and SafeNet KeySecure applian...

Страница 2: ...5 Use a screwdriver to tighten the screws This should securely attach the mounting brackets to the rack posts 6 Connect the null modem cable to the serial port on the back panel of the KeySecure Plug...

Страница 3: ...nly be reset by another administrator with the appropriate access privileges This is a fundamental security precaution If all administrator passwords are lost you cannot re configure the KeySecure All...

Страница 4: ...ation tool to run from The default value is recommended Enter the port number 9443 Enter the port number The script displays the default port of 9443 You can accept this default by pressing Enter or y...

Страница 5: ...rm the same PIN value SETTING SO PIN Are you duplicating this keyset Y N g Press No The KeySecure CLI displays the following message Luna PED operation required to login as HSM Administrator use Secur...

Страница 6: ...Press ENTER m Insert the Domain red iKey and press Enter SETTING DOMAIN Enter new PED PIN n Enter a PIN value SETTING DOMAIN Confirm new PED PIN o Confirm the same PIN value SETTING DOMAIN Are you dup...

Страница 7: ...icating this keyset Y N w Press No USER LOGIN Insert a USER Partition Owner PED Key Press ENTER x Keep the User Partition black iKey inserted in the PED and press Enter USER LOGIN Enter PED PIN y Ente...

Страница 8: ...y Press ENTER ae Insert the User Partition black iKey and press Enter USER LOGIN Enter PED PIN af Enter the PIN for the User Partition Owner black iKey and press Enter The KeySecure CLI displays the f...

Страница 9: ...Web administration server Creating certificate for signing logs Creating SSH host keys SSH RSA key fingerprint 2048 41 63 d3 ca c9 ea 1f f7 a1 84 8b 05 b4 a6 3b 64 SSH DSA key fingerprint 2048 1d 04 d...

Страница 10: ...6000 the CA s Key Size must be 2048 4 Select either Self signed Root CA or Intermediate CA Request as the Certificate Authority Type When you create a self signed root CA you must also specify a CA Ce...

Страница 11: ...CA Configuration page Security SSL Certificates 2 Enter the Certificate Name Common Name Organization Name Organizational Unit Name Locality Name State or Province Name Country Name Email Address and...

Страница 12: ...XhLVapKMqNuUHUYf7CTB5JNHHy0cYKTNHHy0cYKTuV1Ce8nvvU G yp2Eh8aJ7thaua41xDFXPmIEXTqzXi1 DCWAdWaysojPCZugY7jNWXmg END CERTIFICATE REQUEST Important Be sure to include the first and last lines BEGIN CERTIF...

Страница 13: ...e key the certificate request can t be created on the KeySecure Below are the instructions for creating the certificate request in OpenSSL though you may use another certificate creation tool if desir...

Страница 14: ...icate request A challenge password asdf1234 An optional company name 3 Open the certificate request in a text editor Copy the text 4 Copy the certificate request text The certificate text looks simila...

Страница 15: ...mat using the following openssl command openssl pkcs12 export in signed crt inkey qtmkey pem out qtmbundle p12 Enter pass phrase for qtmkey pem Enter Export Password Verifying Enter Export Password Th...

Страница 16: ...e key server is listening for client requests We recommend 5696 for KMIP Use SSL required for KMIP Server Certificate must point to a server certificate signed by a local CA Connection Timeout sec spe...

Страница 17: ...connection is closed immediately When you select this option you must also select a Trusted CA List Profile and you must choose the field from which the username is derived Trusted CA List Profile sel...

Страница 18: ...ion and Quantity Quantity refers to the number drives licensed to use this feature 3 In the Enter License Key box type the appropriate license key License keys are not case sensitive and are all inclu...

Страница 19: ...le above Client Certificate qtmbundle p12 from the example above These files must be in the proper format as follows If any of the following requirements is not met neither of the certificates will be...

Страница 20: ...lick Browse to retrieve the Client Certificate File 6 In the Client Certificate Password field type the password used when generating the certificate files your server administrator should provide thi...

Страница 21: ...is configured Note Assign your SafeNet KeySecures on this screen in the order in which you want failover to occur Server 1 is the primary server Server 2 is the secondary server and so on For an initi...

Страница 22: ...leshoot until they all pass For more information on EKM Path Diagnostics see Scalar i6000 User s Guide 5 Click Close 6 Click OK An Operation in Progress dialog box appears indicating the settings are...

Страница 23: ...ver be appended to encrypted data on tape For data to be encrypted via library managed encryption the media must be blank or have been written to using library managed encryption at the first write op...

Страница 24: ...re Using EKM Path Diagnostics EKM Path Diagnostics is a series of short tests performed by the library to determine if the EKM servers are connected and operating properly You can perform EKM Path Dia...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды