HP Enterprise Secure Key Manager User's Guide

HP StoreEver MSL Tape LibrariesEncryption Key Server Configuration GuideAbstractThis document includes information on configuring HP StoreEver 1/8 G2

If you generated a new certificate, you must sign the new certificate in the Sign LibraryCertificate screen. Follow the instructions on the screen to

10. The Setup Summary screen displays the settings that were collected by the wizard. Verify thatthe settings are correct and that there are no errors

3 KMIP-based key server integrationThe HP StoreEver 1/8 G2 Tape Autoloader and tape libraries support integration with encryptionkey management server

Configuring the KMIP feature for the MSL6480With the Key Management Interoperability Protocol (KMIP) Wizard you can configure use of KMIPkey managemen

6. Verify that the KMIP feature is working. See “Verifying that the encryption key server integrationis working” (page 23).Using the KMIP Wizard1. In

Paste the certificate into the wizard and then click Next.5. The Library Certificate Information screen displays information about the next wizard ste

9. In the KMIP Server Configuration screen, enter the IP address or fully-qualified hostname andport number for up to ten KMIP servers. The default po

Configuring the KMIP feature for the 1/8 G2 Tape Autoloader and otherMSL Tape LibrariesThe EBS Matrix lists the compatible KMIP server models, the ser

Entering the KMIP client credentialsIn the RMI Configuration: Security page, enter the KMIP Client User Name and KMIP Client Passwordthat the autoload

Signing the client certificate on the serverNOTE: These instructions are for the SafeNet KMIP server. If you are using a different server,consult your

© Copyright 2014 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice. The only warranties fo

1. Using a text editor, copy the contents of the signed certificate and paste it into the SignedCertificate field. Include all of the certificate text

Configuring access to the key serversConfigure the KMIP servers in the KMIP Server Configuration pane of the Configuration: Securitypage. You can conf

22 KMIP-based key server integration

4 Verifying that the encryption key server integration isworkingHP recommends verifying that the encryption process is working before placing the auto

Autoloader and other MSL librariesRun the connectivity test from the Configuration: Security page. In the KMIP Diagnostics pane, clickTest Server Conn

To use 2048-bit certificates, update the autoloader or library to the current version and retry thetest. The earliest firmware versions that generate

6. Re-enable the ability of each server to communicate with the clients.This concludes the failover test.26 Verifying that the encryption key server i

5 Support and other resourcesContacting HPFor worldwide technical support information, see the HP support website:http://www.hp.com/supportBefore cont

6 Documentation feedbackHP is committed to providing documentation that meets your needs. To help us improve thedocumentation, send any errors, sugges

Contents1 Introduction...4Using an encryption key server..

1 IntroductionThis document includes information about configuring and using encryption key servers with the1/8 G2 Tape Autoloader and MSL Tape Librar

KMIP-based key serversThe 1/8 G2 Tape Autoloader and the MSL2024, MSL4048, MSL6480, MSL8048, and MSL8096Tape Libraries support integration with non-HP

Table 2 KMIP and ESKM encryption licenses (continued)License namePart numberLibraries• MSL4048• MSL8096Installing the encryption licenseThe license is

2 HP Enterprise Secure Key Manager (ESKM) integrationThe MSL6480 library supports integration of all versions of the ESKM using the ESKM protocol.Inte

5. The Library Certificate Information screen displays prerequisites for generating and signingthe certificate for the library. When you have verified

NOTE: This username and password must match the client username and password createdon the ESKM server.If the username and password have not already b