A eskm management solutions, Enabling the eskm license key, Configuring encryption key management – HP StoreEver ESL G3 Tape Libraries User Manual

A ESKM Management Solutions

The ESL G3 supports HP Enterprise Secure Key Manager (ESKM) which generates, protects, stores,
and manages encryption keys. The ESL G3 library automatically acquires and delivers these keys
to the tape drives to encrypt information being written to, and decrypt information being read
from, tape media.

NOTE:

The encryption key management feature of ESL G3 can only be configured by those

logged in with security-level permissions.

You must have an ESKM license installed on your library in order to use the encryption key
management features described in this chapter.
Setting up ESKM on the ESL G3 consists of the following steps:

•

“Enabling the ESKM License Key” (page 221)

•

“Configuring Encryption Key Management” (page 221)

Enabling the ESKM License Key

To enable the ESKM license key:

1.

From the menu bar, click Setup

→Licenses.

The Licenses dialog box appears.
This dialog box lists the licensed features for your library, including their status, expiration
date, and quantity.

2.

To enable a license key, type the appropriate license key in the Enter License Key box.
You do not need to highlight the feature before you enter a license key. License keys are not
case sensitive and are all inclusive. For example, J2BGL-22622-52C22 can be entered as
j2bgl-22622-52c22.549.

3.

Click OK.

Configuring Encryption Key Management

The HP ESL G3 Key Management Setup Wizard guides you through configuring the library and
drives to enable a key management strategy using HP ESKM. Ensure all library configurations are
complete, and the library is fully operational prior to configuring the encryption key management
feature. Also, before using the library configuration wizard, be sure to complete all steps in the
ESKM Configuration Guide for use with HP Tape Libraries.
The following sections are available to initially configure, or to modify the configuration of, the
encryption key management feature:

•

“Using Select Key Management Type” (page 221)

•

“Using Update Key Manager Configuration” (page 223)

•

“Using Update Key Manager Certificate” (page 223)

NOTE:

Each ESL G3 library must have a user account on the ESKM servers, and that account

must exist prior to running the Key Management Setup Wizard. The steps to configure the library
user account are in the document ESKM Configuration Guide for use with HP Tape Libraries.

NOTE:

HP strongly recommends that the ESKM servers be tested after the Setup Wizard is

complete, to ensure encryption is functioning, and to ensure that the cluster failover configuration
is correct. The steps to perform those validation tests are documented in ESKM Configuration Guide
for use with HP Tape Libraries.

Using Select Key Management Type

Keys may be managed by either a Key Manager, or by your backup application software. To
make the selection:

Enabling the ESKM License Key 221