HP StoreEver ESL G3 Tape Libraries User Manual

2.

Click Setup

→Network Configuration→Network Configuration.

3.

Type the appropriate value into the IP Address field.

4.

To change any other settings, type the appropriate values into the corresponding fields and
select or clear the appropriate radio boxes.

A Warning message appears, explaining that you are changing the network configuration
from a remote client, and that the connection to the library will be lost until you restart the
remote client.

5.

If you are sure that you want to make the change, click Yes. If you are unsure about whether
the change is appropriate, click No.

6.

After the library processes the request successfully, a message appears that asks you whether
you want to shut down the library. You must shut down and restart the library.

Enabling Federal Information Processing Standards (FIPS)

When the Federal Information Processing Standards (FIPS) feature is enabled on an ESL G3 tape
library, all drives within partitions that are using library-managed encryption (LME) will be put into
FIPS compliant mode. When in FIPS compliant mode, HP LTO-5 and LTO-6 drives will only accept
certain commands related to encryption key management if the commands are sent within a
TLS-authenticated session over Ethernet.

CAUTION:

Enabling the FIPS feature is a one-time and irreversible configuration option. Once

enabled, the drives are placed in a secure state that cannot be disabled.

Enabling FIPS:

•

Specifies whether drives within partitions using library-managed encryption (LME), such as
ESKM and KMIP, will be placed into FIPS compliant mode.

•

Has serious ramifications for service, support, and future library configuration, and should
only be enabled if all of these ramifications are understood.

•

Only encrypting partitions will be FIPS compliant. For instance, when using ESKM, partitions
with No Encryption (NE) or Externally Managed (EM) policies will not be FIPS compliant.

NOTE:

FIPS compliance is only supported with LTO-5 and LTO-6 in the ESL G3.

The following changes in library behavior will occur when FIPS is enabled:

•

Due to the certificate exchange that occurs between the library and drives when the library's
FIPS feature is enabled, the drives in the library that are operating in FIPS compliance can
only be used within that same library. For example, HP LTO-5 and LTO6 drives operating in
FIPS compliance cannot be swapped between libraries, even if both libraries have the FIPS
feature enabled.

•

Only drives that are in LME partitions will operate in FIPS compliance. Drives in non-LME
partitions and drives that are not allocated to partitions will not be operated in FIPS compliance.

•

When operating in FIPS compliance, HP LTO-5 and LTO-6 drives will not accept encryption
key requests over the primary fibre channel ports. This means that drives operating in FIPS
compliance cannot be used with application-managed encryption (AME), as the drive will
reject all key management commands. The partition configuration should be finalized before
enabling the FIPS feature if the backup environment involves a mix of both LME and AME, as
attempting to use a FIPS compliant drive in an AME partition will result in failures.

•

If the FIPS feature is enabled and you are also using Command View Tape Libraries Data
Verification functionality, the Data Verification partition must also be configured for LME in
order to allow for media from LME partitions to be verified.

Enabling Federal Information Processing Standards (FIPS)

49