Quantum Scalar i6000, Быстрый старт

Страница: 22 / 24

Q
UANTUM
S
CALAR I
6000 & S
AFE
N
ET
K
EY
S
ECURE
Q
UICK
S
TART
G
UIDE
25
a Enable SSL - The check box is checked automatically and the field is disabled.
b Server 1 - Type the IP address or domain name of the primary SafeNet KeySecure.
c Port for Server 1 - Accept the default or type the applicable port. The default port number is 443.
Note:
The port number must match the port number on the primary SafeNet KeySecure.
d Server 2 - Type the IP address or domain name of the secondary SafeNet KeySecure.
e Port for Server 2 - Accept the default or type the applicable port number. The port number must
match the port number on the secondary SafeNet KeySecure.
W
ARNING
:
Do not use port 443 . Port 443 will not allow keys to be served. If port 443 is configured
on the SafeNet KeySecure, you must change it.
f Repeat Step d and Step e for up to eight additional SafeNet KeySecures, in the order in which you
would like failover to occur. The port number listed in each
Port field must match the port number
used on that SafeNet KeySecures.
g Key Class - This field is not applicable.
4 Test the settings by clicking the EKM Path Diagnostics Test button.
The Path Diagnostic Results dialog box appears. If all the tests do not pass, troubleshoot until they
all pass. For more information on EKM Path Diagnostics, see Scalar i6000 User’s Guide.
5 Click Close .
6 Click OK .
An Operation in Progress dialog box appears, indicating the settings are being modified. Upon
successful completion, the system returns to the main console.
7 Ensure all ports corresponding to the SafeNet KeySecures are open on your firewall to allow the library
to connect to the servers.
Step 10: Configure Partitions for Library-Managed Encryption
In order to use the library to manage encryption on your SafeNet KeySecures, you must configure the
partitions for library-managed encryption. Encryption on the Scalar i6000 library is enabled by partition
only. You cannot select individual drives for encryption; you must select an entire partition for encryption.
There are two encryption methods available on the library:
• Allow Application Managed — Allows your host application to provide encryption support on all
encryption-capable tape drives and media within the partition. This is the default setting if the partition
contains encryption-capable tape drives. If you select this option, the library will not communicate with
the key server on this partition. If you want an application to manage encryption, you must specifically
configure the application to do so. The library will not participate in performing encryption. See your
host documentation for further details.