HP StoreEver MSL6480 Tape Library User and Service Guide - c03951924

HP StoreEver MSL6480 Tape Library
User and Service Guide Addendum

Abstract
This document provides information about features that were added to the HP StoreEver MSL6480 Tape Library after the HP
StoreEver MSL6480 Tape Library User and Service Guide (part number QU625-96001) was published. New features include
basic data and control path failover, a new graphical view of partition elements, support for the HP Enterprise Secure Key
Manager, a security user, a wellness test, and Japanese language option for the remote management interface (RMI).
HP Part Number: QU625-96016
Published: September 2013
Edition: 1
Copyright 2013 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.
Acknowledgments
Intel, Itanium, Pentium, Intel Inside, and the Intel Inside logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries
in the United States and other countries.
Microsoft, Windows, Windows XP, and Windows NT are U.S. registered trademarks of Microsoft Corporation.
Adobe and Acrobat are trademarks of Adobe Systems Incorporated.
Warranty
WARRANTY STATEMENT: To obtain a copy of the warranty for this product, see the warranty information website:
http://www.hp.com/go/storagewarranty
Contents
1 Introduction...............................................................................................4
Security user............................................................................................................................4
Performing the wellness test........................................................................................................5
Managing license keys..............................................................................................................5
User interface enhancements......................................................................................................5
Configuring the system language...........................................................................................5
Using the partition map graphical view...................................................................................5
Viewing library or partition configuration settings.....................................................................6
Configuring the encryption key manager type..........................................................................7
Configuring use of the MSL Encryption Kit....................................................................................7
Errata...................................................................................................................................11
2 Basic control path and data path failover....................................................12
HP LTO-5 and LTO-6 data path port failover overview..................................................................12
HP LTO-5 and LTO-6 control path failover overview......................................................................13
Technology for drive-assisted failover.........................................................................................14
Technology for data path port failover..................................................................................15
Technology for control path failover......................................................................................15
Traditional bridged library control path............................................................................15
Virtual library connection using NPIV...............................................................................16
Failover licenses.....................................................................................................................18
Configuring and verifying control path failover...........................................................................19
Configuration requirements after enabling control path failure..................................................19
Verifying control path failover..............................................................................................20
Hardware-specific requirements...........................................................................................20
Configuring data path port failover...........................................................................................21
Enabling data path port failover..........................................................................................21
Verifying data path port failover..........................................................................................21
3 HP Enterprise Secure Key Manager (ESKM) integration..................................22
ESKM license.........................................................................................................................22
Configuring use of the ESKM....................................................................................................22
4 Support and other resources......................................................................24
Contacting HP........................................................................................................................24
Related information.................................................................................................................24
Websites..........................................................................................................................24
Typographic conventions.........................................................................................................24
5 Documentation feedback...........................................................................26
Contents 3
1 Introduction
This document includes information about features added to the library after the user guide was
published. These features include:
Basic control path and data path failover. See Basic control path and data path failover
(page 12).
HP Enterprise Secure Key Manager support. See HP Enterprise Secure Key Manager (ESKM)
integration (page 22).
Security user. See Security user (page 4).
Wellness test. See Performing the wellness test (page 5)
Licensed features and license management support.
Licensed features:
ESKM integration
Control path failover
Data path failover
Add and view licenses from the RMI. See Managing license keys (page 5).
Manage licenses from HP Command View for Tape Libraries versions 3.7 and later.
HP 1/8 G2 and MSL Encryption Kit integration changes and enhancements. See Configuring
use of the MSL Encryption Kit (page 7).
Added the ability to back up a subset of encryption keys on the token. This makes it
possible to seed a new token with the most recently used keys from an earlier token.
Added support for automatic encryption kit key generation.
Disallowed creation of a new encryption key when media is loaded in any tape drive
that is configured for encryption.
User interface enhancements. See User interface enhancements (page 5).
Graphic view of partitions. See Using the partition map graphical view (page 5).
View of library or partition configuration settings. See Viewing library or partition
configuration settings (page 6).
Configuring the encryption key manager type. See Configuring the encryption key
manager type (page 7).
Japanese language option for the remote management interface (RMI). See Configuring
the system language (page 5).
Updates to the partition wizards and status displays to support the other new features.
Note that the Expert Partition Wizard is used to configure many advanced features, even
when the library is configured as a single partition.
Security user
The security user is required to configure library security features, such as HP 1/8 G2 and MSL
Encryption Kit and ESKM integration, and has access to all administrator functionality.
4 Introduction
The security password is required to log in as the security user. The default security password is
security. If the security password is lost, the service password is required to change the security
password.
HP recommends changing the security password to avoid unauthorized access to library
administrative and security functionality.
Performing the wellness test
The wellness test exercises basic library functionality. At the end of the test, cartridges will not be
in their original storage slots. The test will take the library offline to hosts for the duration of the
test.
CAUTION: The test can move cartridges between partitions.
To run the wellness test, navigate to the Maintenance > Library Tests > Wellness Test screen and
then click Start Test.
Managing license keys
License keys register licensed library functionality. From the Configuration > System > License Key
Handling screen you can add and view license keys.
1. Navigate to the Configuration > System > License Key Handling screen.
2. In the Add License Key pane, enter the License Key and then click Add License.
You can also manage library license keys from HP Command View for Tape Libraries versions
3.7and later.
User interface enhancements
Configuring the system language
The RMI is available in English and Japanese. From the Configuration > System > Language screen
you can choose the language for the RMI, including the online help.
Using the partition map graphical view
In the Status > Partition Map > Graphical View screen you can see a physical representation of
the cartridges in the storage slots, mailslots, and tape drives for each module. Expand the module
section to see the map for that module. The partition number is shown for each element. Hover
over the element for status and configuration information about the partition or drive.
Performing the wellness test 5
Viewing library or partition configuration settings
In the Status > Partition Map > Configuration Status screen you can see the current configuration
settings for a partition. Expand the sections for additional information.
NOTE: The configurations listed in this screen can be modified using the Expert Partition Wizard.
Partition Number The partition number assigned by the library
Partition Name The partition name assigned with one of the partition wizards
Partition S/N The partition serial number assigned by the library
Number of Drives The number of tape drives configured for the partition. Expand the section
to see information about each drive, including the drive number, LTO generation, interface,
and serial number.
Number of Slots The number of storage slots assigned to the partition
Number of Mailslots The number of mailslots assigned to the partition
Barcode Label Length Rep. to Host The number of barcode characters reported to the host
application.
Barcode Label Alignment Rep. to Host The end of the barcode label reported to the host
application when reporting fewer than the maximum number of characters. For example,
when reporting only six characters of the barcode label 12345678, if alignment is left, the
library will report 123456. If alignment is right, the library will report 345678.
Key Manager Type The type of encryption key manager configured for use with the partition.
Active Control Path Drive The tape drive that hosts the LUN for the partition
Passive Control Path Drive The tape drive that the library will use as an alternate if there
is a failure of the active control path drive.
CPF Setting Enabled when basic command path failover is enabled
DPF Setting Enabled when basic data path failover is enabled
6 Introduction
Configuring the encryption key manager type
The Configuration > Encryption screen displays the available data encryption key manager types
along with the status of each type. Only one encryption manager type can be configured for the
library at a time and it will be used for all tape drives and partitions.
To change the configured encryption key manager, select the key manager and then click Submit.
Configuring use of the MSL Encryption Kit
The Configuration > Encryption > USB MSL Encryption Kit screen displays information about the
token and provides access to enter the token PIN, and configure a new token. Access to this screen
is only available to the security user.
For additional information on using the MSL Encryption Kit, see the HP StoreEver MSL Encryption
Kit User Guide on the HP Business Support website: http://www.hp.com/support/manuals.
NOTE: Only one encryption method is allowed at a time and it is used for the entire library. If
the ESKM is active, the MSL Encryption Kit will not be used.
Entering the token PIN
Figure 1 Entering the token PIN
1. Navigate to the Configuration > Encryption > USB MSL Encryption Kit screen.
2. Verify that the correct token is available.
3. Enter the Token PIN and then click Submit.
Configuring use of the MSL Encryption Kit 7
Changing the token PIN
Figure 2 Changing the PIN or token name
2. Expand the Pin Management section.
3. Enter the current and new PINs.
The PIN must be at least 8 characters and no longer than 16 characters. The PIN must contain
at least one lower case letter, one upper case letter, and at least two digits.
4. Click Submit.
CAUTION: The key server token protects the encryption keys with a PIN. If you lose the PIN, you
will not be able to restore data from your encrypted tapes using that token. Neither you nor a
service engineer can recover a lost PIN. Keep a copy of the PIN in a safe place.
Changing the token name
2. Expand the Pin Management section.
3. Enter the new token name. The name can have up to 126 characters.
TIP: Using a descriptive name, including the dates when the keys on the token were used,
could be helpful if your log of tapes written with keys on the token is lost.
4. Click Submit.
8 Introduction
Generating a new write key
Figure 3 Managing encryption keys
2. Expand the Key Management section.
3. Click Apply.
Enabling and configuring automatic key generation
When automatic key generation is enabled, the library will automatically request the key server
token to generate a new key periodically, according to the policy you configure. Be aware that
when new keys are created automatically they are not backed up until you do so manually. To
avoid only having one copy of the new key, set the automatic key generation policy for a time
when you can back up the new key before tapes are written using the new key.
3. Set the policy for the new key generation frequency, and the date and time this will occur.
4. Click Submit to apply your selections.
Configuring use of the MSL Encryption Kit 9
NOTE: A key is not generated when the library time is advanced past a time when a new key
would have been generated. If you advance the library time, check the automatic key generation
policy to see whether a new key is needed, and if so, manually generate it.
One new key is generated if the library is off at a time when a new key would have been
automatically generated. To prevent a new key from being generated in this case, disable automatic
key generation before powering off the autoloader or library.
Backing up the token data to a file
HP recommends that the token data be backed up to a file each time an encryption key is added.
3. Enter a password to secure the backup file.
The password must be at least 8 characters and no longer than 16 characters. The password
must contain at least one lower case letter, one upper case letter, and at least two digits.
4. If you are creating a backup file to seed a new token, enter the number of keys to include in
the backup. The library will back up the highest-numbered keys, which are normally the most
recent.
5. Click Save.
Restoring token data from a backup file
3. Enter the token restore password. This is the password that was created when the token backup
file was created. It is generally NOT the token PIN.
4. Browse to the location of the token backup file on the local computer.
5. Click Restore.
Configuring an automatic key generation policy
3. Set the day of the week, time of day and frequency. A new key can only be generated when
no media is in a tape drive, so HP recommends selecting a time when all drives are unloaded.
4. Check Enabled.
5. Click Submit.
Enabling or disabling encryption
Encryption is enabled or disabled for all partitions and tape drives in the library.
10 Introduction
Figure 4 Enabling or disabling encryption
2. Expand the Enable/Disable Encryption section.
3. Click Enable or Disable.
Errata
The user guide contains the following errors and omissions:
All USB key interaction with the library should be done with FAT-32 formatted USB keys. The
library does not support USB devices formatted with LTFS or other file formats.
The regulatory model number listed in the user guide is incorrect. The correct regulatory model
numbers are:
LVLDC-1101-CM (Base module)
LVLDC-1101-EM (Expansion module)
The electrical specifications listed in the user guide are inaccurate. The correct power
specifications are:
Power 200 Watts (max)
Input requirements 100-120V, 200-240 VAC, 3.5 to 1.5 Amperes, 50 to 60 Hz
Errata 11
2 Basic control path and data path failover
With todays high dependency on access to business information, safe guarded data and limited
backup windows, the reliability of the backup hardware and software is vital. Backup operations
are usually automated, often done at night, and any first pass operator intervention is done remotely.
To assist with these enterprise demands, Hewlett-Packard has introduced two reliability enhancements
to MSL6480 tape libraries with LTO-5 and LTO-6 Fibre Channel tape drives.
Data path port failover where a standby path is configured for the data path to the tape drive
and activated following link failures.
Library control path port failover where a second drive is configured to host a standby library
control path that can be activated remotely following link failures.
Failover functionality in the HP LTO-5 tape drives and HP LTO tape libraries transfers the active
path and all settings to the standby path following failures.
HP LTO-5 and LTO-6 data path port failover overview
Data path port failover (see Data path port failover example configuration (page 13)) may be
configured on each dual-port Fibre Channel tape drive. When data path port failover is configured,
one link is active and is the primary data path. The second link is a standby data path. The drive
will verify that the second link is able to receive a Fibre Channel signal and complete speed
negotiation but the drive will not log into the SAN using the standby link.
NOTE: The LTO-5 half-height drive only has one FC port and does not support data path failover.
The drive monitors the links for errors and following detection of a fault, transfers the fabric identity
(world wide names) and all settings (mode parameters, encryption settings, etc.) over to the standby
link then activates that link. When properly configured the change is minimally disruptive to the
host and does not require any configuration changes on the host or in the backup application.
If no drive commands are outstanding when a failure is detected, the port change happens with
virtually no disruption to the SAN. If a command is outstanding on the link when a failure is detected,
the drive is not able to recover the command so that command will fail but the application will be
able to continue to use the drive on the new path. Many applications are able to recover from a
single command failure as long as the communication path to the drive is not lost.
Figure 5 Data path port failover example configuration
2. Standby data path 1. Primary data path
4. Standby data path 3. Primary data path
6. Dual-port FC tape drive 5. Dual-port FC tape drive
HP LTO-5 and LTO-6 control path failover overview
Library control path port failover (see Control path port failover example configuration (page 14))
may be configured with one drive hosting the path to the library controller and a second drive
configured as an alternate standby path to the library controller. The library connections will share
physical links with the drives but the library will have its own identity on the SAN. If data path port
failover is also configured, the library control path will follow the data path on link failures.
If the drive hosting the library control path fails, the library web interface may be used to take the
control path drive offline and the library control path identity (world wide names) and all settings,
(such as reservations and prevent/allow settings), will be moved over to the alternate master drive
automatically. When properly configured, the change is minimally disruptive to the host and does
not require any configuration changes on the host or in the backup application.
If no library commands are sent while the port is being reconfigured, the port change happens
with virtually no disruption to the SAN. Commands sent while the port is being reconfigured cannot
be processed and will fail. Applications that retry commands are able to use the library following
reconfiguration of the port. Applications that do not retry can be restarted remotely without making
any hardware configuration changes.
HP LTO-5 and LTO-6 control path failover overview 13
Figure 6 Control path port failover example configuration
2
8 7
1
4
3 5
6
2. Primary data path for drive 1 and active library control path 1. Library drive 1 (embedded in library)
4. Primary data path for drive 2 and standby library control path 3. Standby data path
6. Library drive 2 (embedded in library) 5. Standby data path
8. Primary library control path (logical via control link to drive) 7. Standby library control path (logical via control
link to drive)
Technology for drive-assisted failover
The drive-assisted failover features in HP LTO-5 and LTO-6 drives use Fibre Channel switched fabric
features to transfer a drive identity to a different port. The drive manages all of the SCSI
configurations so that the settings expected by the application are still present after the port change.
In a typical multi-path configuration the application must manage both paths and reconfigure the
drive any time the active path is changed.
Both data path port failover and control path port failover require at least one Fibre Channel switch
between the drive and the host to provide some of the features required for failover with minimal
host disruption.
Technology for data path port failover
The HP LTO-5 and LTO-6 Fibre Channel tape drives configure both ports with identical worldwide
names but only one port will connect to the fabric. By default the port that completes speed
negotiation first will become the active port. If the ports on the drive are connected to different
speed fabric the port connected to the highest speed fabric will typically complete speed negotiation
first. The MSL6480 uses the default behavior and does not allow selection of a preferred port.
Technology for control path failover
The HP LTO-5 and LTO-6 Fibre Channel tape drives use a technology called N-Port Identifier
Virtualization (NPIV), which is defined as part of the Fibre Channel standards maintained by the
INCITS/T11 working group (see clause 6) in the FC-LS-2 specification. NPIV allows a single physical
port to connect to a Fibre Channel switch multiple times using multiple node and port names.
Traditional bridged library control path
A typical connection for a Fibre Channel tape library using the drive to bridge commands to the
library controller in a two drive tape library is shown in Figure 7 (page 15).
Figure 7 Typical bridged library controller connection
1
1. Internal connection
Technology for drive-assisted failover 15
In the typical bridged library controller connection each tape drive has one physical link to the
SAN switch and connects to the SAN switch as one Fibre Channel device.
The tape drive hosting the library controller path connects as one Fibre Channel device containing
two logical units. The tape drive is logical unit number zero and the tape library is logical unit
number one. Both devices are considered to be in the same Fibre Channel device which is called
a Node. The tape library Fibre Channel node contains a tape drive logical unit and a media
changer logical unit. The logical view of the tape library is shown in Figure 8 (page 16).
Figure 8 Logical view of traditional configuration
1
2
3
2. Tape Drive at logical unit 0 1. Fibre Channel node
3. Library at logical unit 1
Virtual library connection using NPIV
When configured to use library control path port failover, the drive will use NPIV to connect the
library and the drive to a Fibre Channel switch as two different devices. The physical device
connection is the same as that shown in Typical bridged library controller connection (page 15)
with the internal connection between the library and the drives passing the host commands from
the drive to the library and the link from the drive to the switch being shared.
The logical view from the host is of three independent Fibre Channel devices. Two tape drives
appear as independent devices and neither tape drive contains a library controller logical unit.
The library controller appears as a third independent device even though it is sharing the physical
connection with one of the tape drives. The logical view and physical connections for a library
using NPIV and configured to use library control path port failover is shown in Figure 9 (page 17).
Figure 9 NPIV virtual library connection
1 2
2. Logical direct link to switch 1. Physical link to switch sharing drive link
With NPIV creating a virtual device on the switch port to which the drive is connected, both the
tape drive and the tape library are shown by the switch as independent devices even though they
are connected to the same physical port. Because the library is presented to the host as an
independent device it can be managed independently from the tape drive.
In NPIV virtual library connection (page 17), the tape library contains two drives with both tape
drives connected to a Fibre Channel switch. The library is presented as a virtual device using the
same link one of the tape drives in the figure.
When the tape library detects that the control path should fail over to an alternate path it is able
to disconnect the library from the physical link and reconnect the library to the switch over the link
used by the other drive without disrupting that link. Both drives could be active reading or writing
and the library can be moved without disrupting the drive activity. The logical connection following
a control path failover event is shown in Figure 10 (page 18).
Technology for drive-assisted failover 17
Figure 10 NPIV library connection following failover
1 2
2. Logical direct link to switch 1. Physical link to switch sharing drive link
NPIV library connection following failover (page 18) shows that the logical link for the library
has moved and now shares the same physical link as the top drive. No changes to the physical
cabling were required and any other activity on the links was not disrupted.
Failover licenses
The control path and data path failover features are licensed.
Table 1 Failover licenses
Description Part number
HP StoreEver MSL6480 Control path failover License TC359A
HP StoreEver MSL6480 Control path failover E-License TC359AAE
HP StoreEver MSL6480 Data path failover License TC360A
HP StoreEver MSL6480 Data path failover E-License TC360AAE
From the Configuration > System > License Key Handling screen you can add and view license
keys.
You can also use Command View for Tape Libraries 3.7 or newer versions to manage licenses.
Configuring and verifying control path failover
The library only supports control path failover when used in a Fibre Channel SAN and connected
as fabric devices. Control path failover is enabled independently for each partition in the library.
The minimum configuration is:
A partition with two or more LTO-5 or later generation dual-ported FC drives of the same type.
For example, the partition can contain two LTO-5 full-height drives or two LTO-6 half-height
drives, but not one of each.
A host connection via a SAN switch with NPIV enabled for associated ports.
The Control Path Failover license has been added to the library.
1. Launch the Expert Partition Wizard from the ConfigurationPartitionsExpert Wizard.
2. Select the partition that you want to configure and then click Edit.
3. Click Next until the Select Control Path Failover Type screen is displayed.
4. Check Enable Basic Control Path Failover (CPF) and then click Next.
5. In the Select Control Path Settings screen, select the active and passive control path drives,
and then click Next.
6. If you are also enabling data path failover, continue with the instructions in Enabling data
path port failover (page 21)
If you are only enabling control path failover, click Next until the Finish Configuration screen
is displayed. Verify the configuration settings and then click Finish.
7. Repeat the procedure to configure basic control path failover for additional library partitions.
Configuration requirements after enabling control path failure
When control path failover is enabled, the library is no longer presented as a logical unit behind
the tape drive and is assigned a new Fibre Channel node name. After configuring the control path
failover parameters, you might need to make additional changes:
Switches using world wide name zoning will have to be configured to allow access to the
library controller. If the switch interface does not allow manually entering a world wide name,
the zone for the primary control path can be configured and then a failover may be forced
to cause the secondary path to be enabled and the second zone configured. (To force a
failover, see Verifying control path failover (page 20)). The library world wide name can
be found in the Status > Library Status screen, as shown in Figure 11 (page 20).
Configuring and verifying control path failover 19
Figure 11 Library world wide name displayed on the Status > Library Status screen
Hosts connecting to the library might need to be rebooted if the operating system does not
support dynamic device detection.
Applications on hosts might need to be reconfigured to recognize the new library world wide
name.
Verifying control path failover
After enabling control path failover, verify the configuration of both ports. To verify both paths,
first verify that the hosts configured for access to the library are able to communicate with the
library. It might be necessary to modify switch zoning to enable access to the library. After host
access has been verified use the library front panel or RMI to power off the drive marked as Basic
(Active) in Status > Drive Status. If the library has multiple partitions, verify control path failover for
each partition.
After the library has powered off the active drive, the Library LUN indicator should move to the
passive drive. When the library has reported that the drive has been successfully powered off and
the LUN indicator has moved to the passive drive, verify that host connectivity to the library has
not changed. It might be necessary to configure switch zoning to allow host access.
After verifying library connectivity using each of the library control paths, the library control path
may be moved back to the original drive if so desired by clicking Failover on the Configuration >
Drives > Manual Control Path Failover screen.
Hardware-specific requirements
Brocade switches
For best reliability when control path failover is used Brocade switches should be running version
3.2.2e, 3.4.1b, or newer.
Cisco switches
Some Cisco switches that support NPIV do not have NPIV enabled by default. The Cisco MDS9148
may disable NPIV when power cycled.
To enable NPIV on a Cisco switch use: Cisco_Device_Manager > Admin > Feature_Control or use
the Cisco CLI commands show npiv status and npiv enable.
Configuring data path port failover
Enabling data path port failover
Data path failover can be used with the drive ports configured in loop mode or fabric mode. For
best results and compatibility with control path failover, HP recommends that the drive ports be
configured in fabric mode and connected to a switch.
1. Launch the Expert Partition Wizard from ConfigurationPartitionsExpert Wizard.
2. Select the partition that you want to configure and then click Edit.
3. Click Next until the Select Data Path Failover Settings screen is displayed.
4. Check the drives you want to enable for data path failover.
5. Click Next until the Finish Configuration screen is displayed. Verify the configuration settings
and then click Finish.
6. Repeat the procedure to configure basic data path failover for additional library partitions.
Verifying data path port failover
After data path port failover is enabled, verify the configuration in the Status > Drive Status screen.
After verifying that the configuration change was successful, verify that the hosts with access to the
tape drive are still able to communicate with the drive.
After verifying host access via the initial path, a data path port failover may be forced by
disconnecting the cable from the active port on the drive.
The drive status display shows which drive port is active and which port is in standby. After
disconnecting the cable from the active port verify that the library network management page port
status shows that the active port has changed. Reconnect the disconnected port and verify that it
shows as Standby. Verify that each host still has access to the tape drive.
If a particular port is the preferred active port and it is configured as Standby you can force selection
of a particular port as the active port by disconnecting the cable from the other port.
Configuring data path port failover 21
3 HP Enterprise Secure Key Manager (ESKM) integration
The library now supports the ESKM, which allows encryption keys and encrypted tapes to be
shared with other tape libraries that support the ESKM.
ESKM license
The ESKM feature requires a license.
Table 2 MSL6480 ESKM licenses
Description Part number
HP StoreEver MSL6480 ESKM Encryption License TC469A
HP StoreEver MSL6480 ESKM Encryption E-License TC469AAE
From the Configuration > System > License Key Handling screen you can add and view license
keys.
You can also use Command View for Tape Libraries 3.7 or newer versions to manage licenses.
Configuring use of the ESKM
With the ESKM Wizard you can configure use of the HP Enterprise Secure Key Management server
with the library. Access the wizard from the Encryption menu on the RMI, which is only available
to the security user and requires that the ESKM license has been added from the Configuration >
System > License Key Handling screen.
NOTE: The library only allows one encryption key manager type to be used at a time. For
example, if ESKM is enabled and in use, the MSL Encryption Kit cannot also be used for encryption
key generation and retrieval.
For additional information on configuring ESKM for use with the library, see the HP Enterprise
Secure Key Manager Configuration Guide for HP Tape Libraries.
Before running the wizard, verify that:
The library configuration is complete, including defining all library partitions.
A 1024-bit or 2048-bit server certificate for each HP ESKM device in the cluster has been
created.
The ESKM server certificate has been signed by the Certificate Authority (CA) you intend to
use and has been installed on the ESKM.
SSL is enabled on the ESKM KMS server.
The HP ESKM Management Console is open and ready for use. The ESKM Management
Console and library RMI are used together to configure the library for ESKM.
22 HP Enterprise Secure Key Manager (ESKM) integration
Using the ESKM Wizard
1. Click EncryptionESKM Wizard to start the wizard.
2. The Wizard Information screen displays information about the wizard. If the library
configuration is complete, click Next.
3. The Certificate Authority Information screen displays prerequisites for using the ESKM certificate.
When the prerequisites are met, click Next.
4. The Certificate Authority Certificate Entry screen displays instructions for obtaining the certificate
for the ESKM server. Follow the instructions to copy the certificate from the management
console. Paste the certificate into the wizard and then click Next.
5. The Library Certificate Information screen displays prerequisites for generating and signing
the certificate for the library. When you have verified that SSL has been enabled on the ESKM
device and that the ESKM management console is open and ready for use, click Next.
6. In the ESKM Client Configuration screen enter the username and password that the library will
use to communicate with the ESKM.
If the username and password have not already been set up on the ESKM device, follow the
instructions in the HP Enterprise Secure Key Manager User Guide to create a client account
for the library.
Enter the client username and password, and then click Next.
7. The Certificate Generation screen displays the current library certificate, if one exists. Select
whether to keep the current certificate or generate a new one and then click Next.
8. In the ESKM Tier Selection screen you can group ESKM devices into tiers so the library will
attempt to connect with ESKM devices in the top tier first, and then failover to connect with
ESKM devices in a lower priority tier if necessary. For example, you might put ESKM devices
in the same data center as the library in Tier 1 with ESKM devices in remote data centers in
Tiers 2 and 3.
One tier is used by default. To add a tier, click Add Tier.
Enter the IP address or fully-qualified hostname and port number for up to six ESKM devices
in each tier. To verify access to the ESKM devices, click Connectivity Check.
When the tier configuration is complete, click Next.
9. The Setup Summary screen displays the settings that were collected by the wizard. Verify that
the settings are correct and that there are no errors in the Done column. If you need to modify
setting or address issues, either click Back to reach the applicable screen or Cancel out of the
wizard to fix the issues and return later.
If the settings are correct and there are no errors, click Finish.
Configuring use of the ESKM 23
4 Support and other resources
Contacting HP
For worldwide technical support information, see the HP support website:
http://www.hp.com/support
Before contacting HP, collect the following information:
Product model names and numbers
Technical support registration number (if applicable)
Product serial numbers
Error messages
Operating system type and revision level
Detailed questions
Related information
The following documents [and websites] provide related information:
HP StoreEver MSL6480 Tape Library Getting Started Guide
HP StoreEver MSL6480 Tape Library User and Service Guide
HP Enterprise Secure Key Manager Configuration Guide for HP Tape Libraries
You can find these documents on the MSL6480 manuals page of the HP Business Support Center
website:
http://h20565.www2.hp.com/portal/site/hpsc/public/psi/manualsResults/?
sp4ts.oid=5386549
Websites
HP Technical Support website: http://www.hp.com/support
Net-SNMP website: http://www.net-snmp.net
Typographic conventions
Table 3 Document conventions
Element Convention
Cross-reference links and e-mail addresses Blue text: Table 3 (page 24)
Website addresses Blue, underlined text: http://www.hp.com
Bold text
Keys that are pressed
Text typed into a GUI element, such as a box
GUI elements that are clicked or selected, such as menu
and list items, buttons, tabs, and check boxes
Text emphasis Italic text
24 Support and other resources
Table 3 Document conventions (continued)
Element Convention
Monospace text
File and directory names
System output
Code
Commands, their arguments, and argument values
Monospace, italic text
Code variables
Command variables
Emphasized monospace text Monospace, bold text
WARNING! Indicates that failure to follow directions could result in bodily harm or death.
CAUTION: Indicates that failure to follow directions could result in damage to equipment or data.
IMPORTANT: Provides clarifying information or specific instructions.
NOTE: Provides additional information.
TIP: Provides helpful hints and shortcuts.
Typographic conventions 25
5 Documentation feedback
HP is committed to providing documentation that meets your needs. To help us improve the
documentation, send any errors, suggestions, or comments to Documentation Feedback
(docsfeedback@hp.com). Include the document title and part number, version number, or the URL
when submitting your feedback.
26 Documentation feedback

HP StoreEver MSL6480 Tape Library User and Service Guide - c03951924

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

HP StoreEver MSL6480 Tape Library User and Service Guide - c03951924

Hochgeladen von

Copyright:

Verfügbare Formate

HP StoreEver MSL6480 Tape Library

User and Service Guide Addendum

Das könnte Ihnen auch gefallen