Users Guide

ManualsBrandsDell ManualsComputer HardwarePowerVault TL4000

Dell

™

PowerVault

™

Encryption Key Manager

gkZ H;-

Summary of content (140 pages)

PAGE 1
Dell™ PowerVault™ Encryption Key Manager gkZ H;-
PAGE 2
PAGE 3
Dell™ PowerVault™ Encryption Key Manager gkZ H;-
PAGE 4
© 2007, 2010 Dell Inc. All rights reserved. L %! in VB $8B kv xL /fI v V@OY. n0Q fD8Ng Dell Inc.G -i BN xB 9&B -BOT ]vKOY. L .-! gkH Dell, DELL Nm W PowerVaultB Dell Inc.G s%TOY. b8 s% W s#& gkOB }N GB Li }NG &0; p^Ob 'X 8gG s% W s#! ; .-!- gkI v V@O Y. Dell Inc.B ZgG ML FQ s% GB s#! kX n0Q R/G5 .v J@OY.
PAGE 5
qw W2 . . . . . . . . . . . . . . . . . v % . . . . . . . . . . . . . . . . . vii -. . . . . . . . . . . L %! kQ $8 . . . . . L %G 6Z . . . . . . L %! gkH T" W kn VGgW . . . . . . . . . |C -{ . . . . . . . . Linux $8 . . . . . . . Microsoft Windows $8 . . BsN vx. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix ix ix ix . x . x . x . x . x Uz Pn_ R gW . . . . . . . . . . . xiii Dell ,t3 . . . . . . . . . . . . . .
PAGE 6
8: DOG SSL w. x#! CY#v J= 8: DOG TCP w. x#! CY#v J= 8: DO!- SSL w. x#& v$X_ T 8: DO!- TCP w. x#& v$X_ T -v C[ GP . . . . . . . . . . ?b- GP . . . . . . . . . . . v$H (g NW DOL Pb |kS . . . |. 0 zeR& NeR v x= . . . . 0 zeR& NeR v x= . . . . . . |[ 0 zeR& NeR v x= . . . . vxGv JB 6! . . . . . . . . . & 7 e (g 9Ze . . . . . (g 3d. . . . . . . . . (g 8: E3/v . . . . . Audit.event.types . . . . . Audit.event.outcome . . . . Audit.eventQueue.max . . . Audit.handler.file.directory . . Audit.handler.file.size . . .
PAGE 7
W2 1-1. 1-2. | 1-3. | 2-1. | 2-2. 2-3. | 2-4. | 2-5. | 2-6. | 3-1. Encryption Key ManagerG W !v b; DwM. . . . . . . . . . . . . 1-3 O#- $% #x W 0 |.! V; v V B N '! . . . . . . . . . . . . 1-5 k* O#- 0& gkO) O#1-8 LTO 4 GB LTO 5 WLA esLjG O #- 2b 6[ d; . . . . . . . . 2-5 LTO 4 GB LTO 5 WLA esLjG O #- Pb 6[ d; . . . . . . . . 2-6 _d DO iw " . . . . . . . . . 2-8 \O -v 8: . . . . . . . . . . 2-9 8:; x/OB N 3G -v . . . . . 2-10 0: e!! W<:OB -N Y% 8:G N 3G -v. . . . . . . . . . .
PAGE 8
vi Dell Encryption Key Manager gkZ H;-
PAGE 9
% 1. 1-1. 2-1. 2-2. 6-1. L %! gkH Nb T" . . . . . . O#- 0 d` . . . . . . . . . . Linux!-G VR RA.~n d8gW Windows!-G VR RA.~n d8gW Encryption Key Manager!- 8mH @y . ix 1-8 2-3 2-3 6-6 7-1. 7-2. 8-1. Encryption Key Manager! (g DO! 2B (g 9Ze /| . . . . . . . . 7-6 (gH L%.0 (g 9Ze /| 7-8 ^8%LM 68 bB |D . . . . . .
PAGE 10
viii Dell Encryption Key Manager gkZ H;-
PAGE 11
-. L %! kQ $8 L H;-!B Dell™ Encryption Key ManagerG 3! W [?! JdQ $8M v CgWL wTGn V@OY. GQ Y=! |Q 3d W |C ANCz! V@OY. v O#- !I LTO 4 W LTO 5 WLA esLj v O#- 0 v pvP Nu- L %G 6Z L %: _dQ %LMG 8H W iw; cgOB :d.v W 8H |.ZM n5 /f!- Encryption Key Manager -vG 3! W /v8v& vxOB gkZ& k s8N UOY. L %!-B 6Z! :d.v e! W W.v)! kQ G&{N vD ; ._zYm !$UOY. L %! gkH T" W kn L %!-B Y= Nb T"; gkUOY. % 1. L %! gkH Nb T" T" gk} =:< =:
PAGE 12
VGgW VGgW: ANW%, e!, C:[ GB %LM! UsI !I:L V=; *8@OY. VGgW!B @&% b#! T2 %CI v Vv8 Ws %CGvB J@OY. Y=: VGgW! kQ yCTOY. fm: esLv& gkO) L }w& v`OB fl WLA! U sI v V@OY. |C -{ Z
PAGE 13
Library Managed Encryption for Tape i-!-B LTO WLA O#-! kQ p| gJ& &xUOY. -.
PAGE 14
xii Dell Encryption Key Manager gkZ H;-
PAGE 15
Uz Pn_ R gW Dell ,t3 L9! EVOB m4: 800-WWW-DELL(800-999-3355)N |-OJC@. V: NM] ,aL 0:- Gn Vv J: fl!B 8E [e, we m<-, ;8- G B Dell &0 +;NW!- cgZ $8& #; v V@OY. Dell: )/ !v BsN, |- b] vx W -q: IG; &xUOY. L/Q IG : 9! W &0! {s Y#g, Q9!-B ON -q:& gkOv xR v5 V@O Y. 5w, bz vx GB m4 -q: .&N Dell! ,tOAi Y=; v`OJC@. 1. http://supportapj.dell.com/support/index.aspx; f.OJC@. 2. dLv G F!! VB Choose A Country/Region eS Yn ^:!- Xg 9 ! GB v*; .NOJC@. 3. dLvG ^J!- Contact Us& ,/OJC@. 4. Jd! {s {}Q -q: GB vx 5)& 1COJC@. 5.
PAGE 16
xiv Dell Encryption Key Manager gkZ H;-
PAGE 17
& 1 e WLA O#- 3d %LMB foB VB qnO: /f!- El _dQ !!& vOB Zx _ O*TO Y. 8HG _d:L N"GB vG!- L/Q %LM& 8#Om L! kQ W<:& &nOg %LM b3& .NOB ?C! !k:; /v8vOB bIL !e l1CG m V@OY. %LM O#-B L/Q 9: d8! kX d; Y v VB 58TOY. Dell Encryption Key Manager(LDNB Encryption Key ManagerN v*T))B O #- [w; \x-UOY. | LTO 4 W LTO 5 esLjB LTO 4 W LTO 5 %LM +..v! %LM& 2B fl Xg %LM& O#-R v V@OY. L uNn bI: -v!- v`GB O# -N NQ :I zO W 3. @vleG _} W |k b8! kQ qk; vbOv Jm5 zeH %LM! kQ -BQ 8H v\; _!UOY. WLA esLj O#- VgG: Y=z 0: < !v Vd dRN 8:KOY.
PAGE 18
DwM. Encryption Key ManagerB Java /f! wTGn V8g O# bI; 'X Java Security DwM.& gkUOY. Java Security DwM.! kQ Z
PAGE 19
W2 1-1. Encryption Key ManagerG W !v b; DwM. O#- |. Dell Encryption Key ManagerB WLA E<(WLA W +..v |D)! 5 $8& O#-OE* )b!- P8AB $8& O# X6OB % gkGB O#- 0& }:, 8#, ze W /v8vOB fl O#- !I WLA esLj& vxOB Java™ R A.~n ANW%TOY. Encryption Key ManagerB Linux(SLES W RHEL) W Windows!- [?Og, #MAsLn ; )/ '!! hwH x/ Zx8N iWsn e!- G`O5O 3hGn V@OY. mI` NMdL: ,sLp.B gkZ /f! BT Encryption Key Manager& gkZ $GOm LG [?; pOMR v VB m I <.& &xUOY.
PAGE 20
_d Encryption Key Manager #:. -v 8: $8: Dell Encryption Key Manager ANW%; #:.OB C:[: %LM /GG 'h; VR-Ob 'X ECC ^p.& gkR M; GeUOY. Encryption Key ManagerB O#- 0G }:; d;Om L i 0& LTO 4 W LTO 5 WLA esLj! |^OB bI; v`UOY. &H(O# -H) 0B 3. _ Encryption Key Manager! C:[ ^p.! h!UOY. +..v ! bOH %LM& 98(O# X6)R v V8Ai @y xL 0& {}Q WLA es Lj! |[X_ UOY. C:[ ^p.G q. @yN 0! UsGzm +..v! %L M& 5 ' L 0& gkOB fl, Xg +..v! 2)x %LMB 98R v x@O Y. (o, wD! O#& X6R v x@OY.) L/Q %LM @y! _}Ov J5O O B 8# e!! 6CGn V@OY.
PAGE 21
W2 1-2. O#- $% #x W 0 |.! V; v VB N '! @kANW% h~ Key ManagerMB 05N @kANW%: WLA :d.v!- %LM |[; C [UOY. vxGB @kANW%: :@kANW%!- |.OB WLA O#-;& |6OJC@. sLj/. h~ WLA :d.vG ]3e!(9: Dell PowerVault TL2000/TL4000 W ML6000 &0:L L! XgUOY. dr &xGB WLA sLj/.!B ;N! " WL A esLj! kQ ;N NMdL:! V@OY. @kANW%!- |.OB WLA O#L f}: n5 /f!- LL O#- $% W 0& }:Om |.R v VB @kA NW%; G`OB fl! !e {UUOY. O#-& gkR Cb& v$OB $%: @kANW% NMdL:& kX $GKOY. $% W 0B @kANW% h~z O# -Q WLA esLj # %LM fN& kX |^KOY.
PAGE 22
O#-& |.OB fl Y=z 0: VR v|G @kANW%; gkR v V@OY. v CommVault Galaxy 7.0 SP1 v Symantec Backup Exec 12 @kANW%!- |.OB WLA O#-B Y=z 0: LTO 4 W LTO 5 WLA | esLj!- vxKOY. v Dell™ PowerVault™ TL2000 WLA sLj/. v Dell™ PowerVault™ TL4000 WLA sLj/. v Dell™ PowerVault™ ML6000 WLA sLj/. O#- $% W 0 |. f}; KAi WLA iw RA.~n @kANW% .-& |6OJC@. sLj/.!- |.OB O#Dell™ PowerVault™ TL2000 WLA sLj/., Dell™ PowerVault™ TL4000 WL | A sLj/. GB Dell™ PowerVault™ ML6000 WLA sLj/.G LTO 4 W LTO | 5 WLA esLj!- L f}; gkUOY. 0 }: W |.
PAGE 23
Encryption Key Manager!-B k* W qk* 0& pN gkUOY. k* O#B gkZ GB #:. %LM& !. O#-OB fl!, qk* O#-B k* 0& 8#OB fl(S5! u @2)! gkKOY. keytoolz 0: /?.<& gkO) Encryption Key Manager! kQ O#- 0& }:R v V@OY. AES 0& }:OB %Sz L& WLA esLj! |[OB f D: O#- |. f}! {s Y(OY. W/* Encryption Key Manager!- O# - 0& gkOB f}z Y% @kANW%!- gkOB f} gLG wL& LXO i 5rL I v V@OY. Dell Encryption Key Manager!-G O#- 0 3. | sLj/.!- |.
PAGE 24
| GB O#-& v`OB T10 mI <.& gkOB @kANW%G fl LTO 4 W | LTO 5 WLA esLj& gkR v V@OY. T10 mI <.B @kANW%!- & xOB k* 256q. AES 0& gkUOY. T10: WLA +..vg m/Q )/ DK & gkR v V8g O#-H %LM W O] %LM& 0: WLA +..v! 5 v V@OY. @kANW%!- WLA +..v& O#-OB fl @kANW%!- G 0Q f}; gkO) DK& 1COE* }:Q D WLA esLjN |[UOY. 0 B qk* xk 0& gkO) &NGv J8g WLA +..v! zeGv J@OY. O#-H %LM! WLA! bOGi DKB %LM& P: x-kN @kANW%! - gk !IQ '!! Vn_ UOY. @kANW%!- |.OB O#- W sLj/.!- |.OB O#-! |Q WLA O#-! kQ AN<:B W2 1-3! *M V@OY. W2 1-3.
PAGE 25
& 2 e Encryption Key Manager /f h9 L =G!-B gkZ d8! B5O Encryption Key Manager& 8:OB % 5r L GB $8& &xUOY. O#- |+; 3$OB f}; h9OAi 9: dR& m AX_ UOY. O#- 3$ [w 3d WLA esLjG O#- bI; gkOAi Uz /$ RA.~n W Oe~n d8 gW; 87X_ UOY. L/Q d8gW; 87OB % 5rL G5O Y= !K q OL &xKOY. Encryption Key Manager 3$ [w WLA& O#-OAi Uz O#-Q WLA esLjM kER v V5O Encryption Key Manager& 8: W G`X_ UOY. WLA esLj& 3!OB ?H!B Encryption Key Manager& G`R Jd! xv8 O#-& v`OAi L& G`X _ UOY. v Encryption Key Manager -vN gkR C:[ C'{; a$OJC@.
PAGE 26
C{8N $GOAi 5-10 dLvG :adddrive;& |6OE* 4-1 dLvG :W LA esLj WLm Z? w%L.;& |6OJC@. – Encryption Key Manager -v& C[OJC@. 5-1 dLvG :Key Manager -v C[, uN m' W _v;& |6OJC@. – mI` NMdL: ,sLp.& C[OJC@. 5-6 dLvG :mI` NMdL: ,sLp.;& |6OJC@. sLj/.!- |.OB WLA O#- h9 O#-& v`OAi Y=L JdUOY. v O#- !I LTO 4 W LTO 5 WLA esLj | v 0 zeR v Dell Encryption Key Manager sLj/.!- |.OB WLA O#- [w 1. LTO 4 W LTO 5 WLA esLj& 3!Om ,aOJC@. | v sLj/. _~n(JdQ fl TL2000, TL4000, ML6000)& w%L.OJC @. http://supportapj.dell.
PAGE 27
Linux VgG DwM. n5 <& v RHEL 4 v RHEL 5 v SLES 9 v SLES 10 | v SLES 11 Encryption Key Manager(Linux!- G` _) % 2-1. Linux!-G VR RA.~n d8gW IBM Software Developer Kit Zx % gL. C'{ | 64q. AMD/Opteron/EM64T 32q. Intel® #/ Java 6.0 SR5 http://support.dell.com WLA sLj/. | Dell PowerVault TL2000 WLA sLj/., TL4000 WLA sLj/. W ML6000 | WLA sLj/.G _~n 9'L VENv .NOJC@. _~n& w%L.OAi | http://support.dell.com; f.OJC@. WLA esLj | LTO 4 W LTO 5 WLA esLjG _~n 9'L VENv .NOJC@. _~n | & w%L.OAi http://support.
PAGE 28
% 2-2. Windows!-G VR RA.~n d8gW (hS) n5 <& IBM Runtime Environment Windows 2008 W AMD64/EM64T 86G Windows! kQ IBM 64q. Runtime Environment, 2008 R2 Java 2 Technology Edition, v| 6.0 SR5 | | WLA sLj/. | Dell™ PowerVault™ TL2000 WLA sLj/., Dell™ PowerVault™ TL4000 WL | A sLj/. W Dell™ PowerVault™ ML6000 WLA sLj/.G _~n 9'L | VENv .NOJC@. _~n& w%L.OAi http://support.dell.com; f.OJ | C@. WLA esLj | LTO 4 W LTO 5 WLA esLjG _~n 9'L VENv .NOJC@. _~n | & w%L.OAi http://support.dell.com; f.OJC@.
PAGE 29
| LTO 4 GB LTO 5! 0& d;Oi Encryption Key Manager!-B WLA es Lj! v$H 0m; gkUOY. WLA esLj! v$H 0mL x8i symmetricKeySet 8: nO $8! v$H 0 0m |', 0 0m qO GB 0 Wl G 0mL gkKOY. WLA esLj! kQ /$ 0mL N7Oi 0& UnOT g kOb 'X wJN Y% #<
PAGE 30
3. d;!- 0m; v$Ov Jm esLj WLm! v$H 0mL x8i Encryption Key ManagerB keyAliasList! VB 0 Wl GB 0m <.!- 0m; 1CU OY. 4. Encryption Key ManagerB L! k@OB DK& 0 zeR!- !.IOY. 5. Encryption Key ManagerB 0m; DKiN //Om esLj! O# X6R v VB 0& gkO) DK& &NUOY. 6. Encryption Key ManagerB DK W DKi& WLA esLj! |[UOY. 7. WLA esLj! DK& &N X&Om O#-H %LM W DKi& WLA! 9 OY. W2 2-2!-B O#-H Pb 6[!- 0& 3.OB f}; 8)]OY. 4 5 DK 6 Key Manager 3 DKi Alias 1 Config File 2 Key store Drive Table | W2 2-2.
PAGE 31
Lj GB sLj/.M ,|H Xg Nu-& gkO) O#-H WLA& P; v V@OY. 0 zeR iw! GPOi O#-H %LM! kQ pg W<:& /GR v V@OY. L 0 zeR $8& iwOB %!B )/!v f}L V@OY. " 0 zeR /|6 Y m/Q /!L V@OY. Y=G O] v': pg fl! {kKOY. v 0 zeRN NeQ Nu-(8k PKCS12 |D DO) pNG g;; 8|UOY. v RACFM 0: C:[ iw bI; gkO) 0 zeR $8G iw g;; [:U OY. O#-Q WLA esLj& gkO) L g;; O#-Ov 6JC@. W/i 98 C O#& X6R v x@OY. v iw W eV 98 C )/ Zx8N b; W 86 Encryption Key Manager W 0 zeR g;; /v8vUOY. _!H )/ Zx8N b; W 86 pN!- 0 zeR& iwUOY. v JCEKS 0 zeRG fl 0 zeR DO; 9gOm <.
PAGE 32
a14m0241 W2 2-3. _d DO iw " 4. DO iw(Backup Files); ,/OJC@. 5. $8 ^Cv! az! %CKOY. iwk8N )/ 3G Key Manager vx Encryption Key ManagerB WLA esLj W sLj/.!- )/ Zx; gkO m m!k:; 8eO5O 3hGz@OY. {s- 0: WLA esLj W sLj/ .& vxOB )/ 3G Key Manager& gkR v V@OY. L/Q Key Manager! WLA esLj W sLj/.M 0: C:[! V; JdB x@OY. Vk Key Manager vB sLj/. GB AOC! {s Y(OY. TCP/IP ,a; kX WLA esLj!- gkR v Vb8 Oi KOY.
PAGE 33
V: ?b-!-B 0 zeR& wTOv J@OY. v?8N 9gX_ UOY. Encryption Key Manager -v 8: Encryption Key ManagerB \O -v GB )/ kG -v! 3!R v V@OY. Y= 9&!-B O*G Key Manager W N 3G Key Manager 8:; 8)Vv8 sLj/.!-B W Ls; ckR v5 V@OY. \O -v 8: \O -v 8:(W2 2-4 |6): !e \xQ |BG Encryption Key Manager 8: TOY. W/* )/ ZxL N7Ob '.! GeOvB J@OY. L 8:!-B p g WLA esLj! iw xL O*G Key Manager -v! G8UOY. -v! _ \Gi 0 zeR, 8: DO, KeyGroups.xml DO W esLj WLm; gkR v x8GN O#-H WLA& P; v x@OY. \O -v 8:!-B -v g;L / GH fl!5 0 zeR, 8: DO, KeyGroups.
PAGE 34
L El _dUOY. Q Key Manager -vG 8: DO W esLj WLm!- w %L.H gW: sync mI; gkO) Z?{8N Y% -v! 9&I v V@OY. W/* Q 0 zeR!- w%L.H gW: gk _N 0 zeR! /$Q f}; g kO) Y% 0 zeRN 9gX_ UOY. 0 zeR W 0 Wl XML DO; v? 8N 9gX_ UOY. Z
PAGE 35
eV 98 gL. mAgW eV 98(DR) gL.& gkOAB fl Encryption Key Manager!-B Xg g L.!- O#-H WLA& Pm 5 v V5O vxOB 9: IG; &xUOY. I G: Y=z 0@OY. v DR gL.!- _9 Encryption Key Manager Wq; [:UOY. DR gL.!- NC Encryption Key Manager Wqz 0: $8(8: DO, WL A esLj WLm, 0 Wl XML DO W 0 zeR)& gkOB _9 Encryption Key Manager Wq; 3$UOY. W/i L Key ManagerB Xg '!!- O# -H WLA& Pm 2x b8G &0 Key Manager _ O*& kER v V@O Y. v JdQ fl 98R v V5O < 3G Encryption Key Manager %LM DO i w g;; [:UOY.
PAGE 36
3Nk 0& gkO) &N X&KOY(3-14 dLvG :Keytool -importseckey& g kO) %LM 0 !.@b; |6). W/i 3Nk 0G 8/Z8 k* 0& &N X& R v V8GN |[ C k* 0& H|OT 8HR v V@OY. ZEG Encryption Key Manager 0 zeR!- %LM& O#-OB % gkGB k* 0& gkOi Y % 6w5 WLAG %LM& P; v V@OY. FIPS(Federal Information Processing Standard) 140-2 mAgW vg FIPS(Federal Information Processing Standard) 140-2B ,f $N! pg O # &xZ!T FIPS 140; NuO5O T$Oi- El _dX3@OY. !w Cn* B N# N.G ?BO
PAGE 37
& 3 e Encryption Key Manager W 0 zeR 3! Encryption Key ManagerB IBM Java Virtual Machine 3!M T2 &xGg Linuxk IBM Software Developer Kit W Windowsk IBM Runtime EnvironmentL Jd UOY(2-2 dLvG :Oe~n W RA.~n d8gW; |6). Y= _ gkZ n5 <&! BB }w& {#JC@. v :Linux! Encryption Key Manager 3!; v 3-3 dLvG :Windows! Encryption Key Manager 3!; Encryption Key Manager! VE v|Nv R.GQ fl, :VE v| Key Manager | ISO LLv YnNe;!- u v|L gk !IQv G0OB f}; 3mUOY. Java 3!! wTGv J; v5 V8GN VE Encryption Key Manager v|; 3!OB ML A@OY.
PAGE 38
3! ANW%L CD!- Oe esLjN n5 <&! {UQ pg ;k(.-, GUI DO W 8: nO $8 DO); 9gUOY. 3! _ C:[!-B CY% IBM JRE(Java Runtime Environment)! VBv .NUOY. __Gv J8i Z?8N 3!KOY. 3!! OaGi GUI(Graphical User Interface)! C[KOY. Linux!- v?8N Software Developer Kit 3! CD!- 3!Ov J: fl Y= \h& v`OJC@. 1. http://support.dell.com!- n5 <&! b]Q CY% Java Runtime Environment & YnNeOJC@. | v Java 6 SR 5(32q.) Ls | v Java 6 SR 5(64q.) Ls 2. [w p:d.! Java linux rpm DO; h!OJC@. | | | | mordor:~ #/tape/Encryption/java/1.6.
PAGE 39
Windows! Encryption Key Manager 3! 1. Dell Encryption Key Manager CD& pTOJC@. 3! ANW%L CD!- Oe esLjN n5 <&! {UQ pg ;k(.-, GUI DO W 8: nO $8 DO); 9gUOY. 3! _ C:[!-B CY% IBM JRE(Java Runtime Environment)! VBv .NUOY. __Gv J8i Z?8 N 3!KOY. 3!! OaGi GUI(Graphical User Interface)! C[KOY. 2. InstallShield 6}g! -.i Y=(Next); ,/OJC@. 3. sL>: h`; Pm 9(Yes)& ,/OJC@. 4. ks '! 1C(Choose Destination Location) "L -.i(W2 3-1) zu& 1 COm L& bOXNJC@. Encryption Key Manager G` C L Java fN! a14m0257 JdUOY. W2 3-1.
PAGE 40
5. L Java Runtime Environment& b; C:[ JVM(W2 3-2)8N gkR MN a14m0232 v /B "L -3OY. W2 3-2. b;*8N L JVM v| 3$ FO@(No)& ,/OJC@. 6. DO 9g C[(Start Copying Files) "L -3OY(W2 3-3). ks p:d.& a14m0258 bOXNn_ UOY. W2 3-3. DO 9g C[ " Y=(Next); ,/OJC@.
PAGE 41
7. sB "!- 3! x`; %CUOY. 8. jslz nO(Browser Registration) "L -3OY. Encryption Key Manager !- gkR jslz& 1COJC@. Y=(Next); ,/OJC@. 9. InstallShield 6}g Oa(InstallShield Wizard Complete) "L -.i Oa(Finish) & ,/OJC@. 3! D Y=z 0L mI ARA.& -n 3!H Java v|; 68R v V@O Y. | | | | | | C:₩WinEKM>C:₩"Program Files"₩IBM₩Java60₩jre₩bin₩java -version java version "1.6.0" Java(TM) SE Runtime Environment (build pwi3260sr5-20090529_04(SR5)) IBM J9 VM (build 2.4, J2RE 1.6.0 IBM J9 2.
PAGE 42
| _d: fN qOG Y% p:d.M 8PR v V5O fNG !!
PAGE 43
a14m0247 W2 3-4. EKM -v 8:(EKM Server Configuration) dLv Dell Encryption Key Manager 0 zeRk8N }:R v VB 0G v! &Q L xYm Ous5 d;GB 0G v! {s 0 }:! eB C#L u!UOY. Encryption Key Manager!- 103G 0& }:OB %! 15J! RdGg 10000 3G 0& }:OB %!B 30P LsL RdKOY. 0G vB #:. -v Zx (-vG ^p.)! GX &QHYB !! /GOJC@. Encryption Key Manager @kANW%: sLj/.! esLjG 0 d;; |[R ' 0! |#T W<: R v V5O G` _! C:[ ^p.G 0 zeR qO; /v8vUOY. V: 0 }: _! Encryption Key Manager GUI& NM4.Oi Encryption Key Manager& YC 3!X_ UOY.
PAGE 44
v u 0 Wl; _!OB _! Encryption Key Manager! NM4.H fl Encryption Key Manager -v& _vOm VE iw 0 zeR (x:₩ekm₩gui₩backupfiles zu! '!T)& gkO) 0 zeR DO; 9 xOJC@. iw DOG DO L'!B /%M C# RN (9: 2007_11_19_16_38_31_EKMKeys.jck)L wTGn V@OY. DOL x:₩ekm₩gui p:d.! 9gGi /%M C# RN; &EX_ UOY. Encryption Key Manager -v& YC C[Om L|! NM4.H 0 W l; _!OJC@. 4. :EKM -v Nu- 8:(EKM Server Certificate Configuration); dLv(W2 3-5)!- 0 zeR 0m W xOB _! %LM& TBOJC@. &b W -v Y a14m0243 C C[(Submit and Restart Server); ,/OJC@. W2 3-5.
PAGE 45
a14m0251 W2 3-6. _d DO iw " fN& .NOm iw(Backup); ,/OJC@. Dell Encryption Key Manager -vB iWsne!- G`KOY. :_d DO iw(Backup Critical Files); "!- Encryption Key Manager -v 8: GB iw(Backup); /fR ' .N(OK); )& '6Y Encryption Key Manager! iw DO <.& }:UOY. F+LjR DO qOG DO: c:/ekm/gui/BackupFlies p:d.! zeKOY. " DO L'!B /%M C#L 7NKOY. 9& in 2007b 11y 26O @D 2C 58P 46J! iwH DO < .!B L' U! ″2007_11_26_14_58_46_FileName″M 0: /%M C# RN L 7!KOY. iw DO: cD2Lv J@OY. 6.
PAGE 46
v Encryption Key Manager @kANW%L Linux C:[! 3!H fl Encryption Key Manager @kANW%: NC #:. VRB %COv8 G&G 0: IP w. B %COv J@OY. 1. #:. C:[G G& IP VR& KvOAi W.v) 8:! W<:O) IP w. VR& #8JC@. v Windows C:[G fl mI "; -m ipconfig& TBOJC@. v LinuxG fl isconfig& TBOJC@. EKM SSL w.& D0OB f} 1. mI`; gkO) Encryption Key Manager -v& C[OJC@. v WindowsG fl CDG c:₩ekm8N L?O) startServer.bat; ,/OJC@. v Linux C'{G fl /var/ekm8N L?O) startServer.sh& TBOJC @. v Z
PAGE 47
mI "; ]8JC@. | LTO 4 W LTO 5!- O#-! kQ 0 W 0m }: k* O#- 0& !e 1T }:OB f}: Dell Encryption Key Manager -v GUI & gkOB MTOY(3-6 dLvG :GUI& gkO) 8: DO, 0 zeR W Nu[:; |6). GQ Keytool /?.<& gkX5 k* O#- 0& }:R v V@O Y. Keytool: /w -N Y% 0 zeR gL!- 0& !.@m ;8> ' /kUO Y. Z
PAGE 48
8: nO $8 DO m} KeyManagerConfig.properties GB ClientKeyManagerConfig.properties DO; /f OAi Y=; v`OJC@. 1. Encryption Key Manager -v& _vOJC@. 2. xOB X:. m}b& gkO) KeyManagerConfig.properties DO(-v 8:; /fOB fl) GB ClientKeyManagerConfig.properties DO(,sLp. 8:; /fOB fl); )JC@. ^M '.! Linux C:[k DO; m}R '!B Windows& gkOv 6JC@. Windows& gkOB fl gvim/vim; gkO) DO; m}OJC@. 3. L .-G vCkN nO $8 *; /fOJC@. 4. DO; zeOJC@. 5. Encryption Key Manager -v& YC C[OJC@.
PAGE 49
[-keystore ] [-storepass ] [-storetype ] [-providerName ] [-providerClass [-providerArg ] ... [-providerPath ] L E3/vB Encryption Key Manager!- %LM 0& }:O) WLA O#-& | 'X LTO 4 W LTO 5 esLj! &xOB fl /w _dUOY. -alias \O %LM 0! Nb !IQ .Z& gkO) Vk 12ZN alias *; v$UO Y(9: abcfrg GB key123tape). -aliasrange )/ 3G %LM 0& }:OB fl aliasrangeB 3= 3Z. "NNB 5.Z Lm Y=! sQz OQ; *8;B OCG 16Z(16x) .Z-(Z?8N U! 0 L $v|)L Ln}OY.
PAGE 50
0 zeR O# /f V: 0 zeR O#& 3$Om *i 8H ']L _}Ov JB Q /fOv 6JC @. 8H kb 'h; xVb 'X O#B NDOb nFT 8in}OY. 0 ze R O#& /fOAi Y= keytool mI; gkO) 30{8N Xg 0 zeR G pg 0! kQ O#& /fX_ UOY. 0 zeR O#& /fOAi Y=; TBOJC@. keytool -keypasswd -keypass old_passwd -new new_passwd -alias alias -keystore keystorename -storetype keystoretype GQ Y= f} _ O*& gkO) O#& v$Q fl pg -v 8: DO nO $ 8!- 0 zeR O#& /fO5O KeyManagerConfig.properties& m}X_ UO Y. v NDOb nF5O 8inx pg O#& h&Om Y= C[ C Encryption Key Manager!- O#& /B ARA.
PAGE 51
-exportseckey [-v] [-alias | aliasrange ] [-keyalias ] [-keystore ] [-storepass ] [-storetype ] [-providerName ] [-exportfile ] [-providerClass ] [providerArg ] L E3/vB Encryption Key Manager!- %LM 0& ;8;b O) WLA O# | -& 'X LTO 4 W LTO 5 esLj! &xOB fl /w _dUOY. -alias \O %LM 0! Nb !IQ .Z& gkO) Vk 12ZN alias *; v$UO Y(9: abcfrg GB key123tape). -aliasrange )/ 3G %LM 0& ;8;B fl aliasrangeB 3= 3Z.
PAGE 52
/bin/keytool –genseckey –v –alias abcfrg –keyalg AES –keysize 256 –keypass password -storetype jceks –keystore path/filename.jceks LM 0L #bOi 63| 0m abcfrg! ){D8N L'L v$H 0 zeR! _ !KOY. L 0 zeR!B LL #bN }:H 2553 0m; wTOm V@OY. L #bN -keystore IG!- L'; v$Q jceks DO!B 2563 k* 05 }:KO Y. '!- gkQ 0m |' _ ON GB pg Wq W k* 0! zeH DO L'; O!C0Ai KeyManagerConfig.properties DO!- Y= `; _!O) symmetricKeySet nO $8& w%L.OJC@. CY#v J: 0m; v$Oi Encryption Key Manager! C[Gv J; v5 V@OY. /?: Kg! GPOB G Y% L/N q.
PAGE 53
! %CKOY. LM: xi KeyGroups.xml DO; 8. P.OB _ _}Q @yN, 0 Wl; gkO5O Encryption Key Manager -v& 8:Ov JRYi Encryption Key Manager -v& C[OB % fX! GvB J@OY. 0 Wl: Dell Encryption Key Manager -v GUI GB Y=z 0: CLI ,sL p. mI; gkO) teKOY(8.: 5-9 dLvG :CLI mI; |6). GUI& gkO) 0 Wl $G W 0 [: GUI& gkO) 0 Wl; |.OB % JdQ pg [w; v`R v V@OY. G Q _! 0& [:R v5 V@OY. V: Y= [w _ O*& v`OB ?H /f gW &b(Submit Changes); )#i Encryption Key Manager %LM DO; iwX_ T; K.B iw k- sZ "(3-9 dLvG W2 3-6)L -3OY. iw %LM& zeR fN& TBOJC@.
PAGE 54
a14m0248 W2 3-7. 0 Wl [: 4. u 0 Wl L', 0 0m8N gkR "NN W Wl! wTR 0 v& TBOJ C@. /f gW &b(Submit Changes); ,/OJC@. b; 0 Wl; /fOAi 1. GUI ^J! VB =vb!- |. mI(Administration Commands); ,/OJ C@. 2. |. mI(Administration Commands) 5*!- b; 2b 0 Wl [:(Change Default Write Key Group); 1COJC@(3-19 dLvG W2 3-8).
PAGE 55
a14m0244 W2 3-8. b; 2b 0 Wl /f 3. @%J! VB Wl qO!- u b; 0 Wl; 1COJC@. 4. "G G F!!- vg 0 Wl W u b; 0 Wl; .NOm /f gW &b (Submit Changes); ,/OJC@. /$ 0 Wl; /$ WLA esLj! v$OAi 1. GUI ^J! VB =vb!- |. mI(Administration Commands); ,/OJ C@. 2. |. mI(Administration Commands) 5*!- esLj! Wl v$(Assign Group to Drive); 1COJC@(3-20 dLvG W2 3-9).
PAGE 56
a14m0246 W2 3-9. esLj! Wl v$ 3. esLj qO!- WLA esLj& 1COJC@. 4. Wl qO!- 0 Wl; 1COJC@. 5. "G G F!!- esLj W 0 Wl; .NOm /f gW &b(Submit Changes); ,/OJC@. esLj WLm!- WLA esLj& h&OAi 1. GUI ^J! VB =vb!- |. mI(Administration Commands); ,/OJ C@. 2. |. mI(Administration Commands) 5*!- esLj h&(Delete Drive)& 1COJC@(3-21 dLvG W2 3-10).
PAGE 57
a14m0245 W2 3-10. esLj h& 3. esLj qO!- WLA esLj& 1COJC@. 4. "G G F!!- esLj L'; .NOm /f gW &b(Submit Changes); ,/OJC@. CLI mI; gkO) 0 Wl $G Encryption Key Manager!-B 0 <.& Wl-R v VB 0 Wl bI; &xU OY. Encryption Key Manager @kANW%; 3!O) 8:Om(0 zeR W 0! }: J) Encryption Key Manager -v& C[Q D ,sLp.& gkO) -v! NW NOm Y= \h& v`OJC@. 1. createkeygroup mI; G`OJC@. L mI: KeyGroups.xml DO!- VJG 0 Wl @j'.& [:UOY. L m I: Q x8 G`UOY. 8.: createkeygroup -password password -password *_! KvOb 'X KeyGroups.
PAGE 58
% gkGB passwordTOY. 0 zeRB 0 WlG 0& O#-Q D wJ kN " 30 0 Wl 0m O#& O#-UOY. {s- KeyGroups.xml D O!B O] |DG 0B 8gOv J@OY. 9&: createkeygroup -password a75xynrd 2. addkeygroup mI; G`OJC@. L mI: KeyGroups.xml!- m/Q Wl ID& gkO) 0 WlG N:O:& [:UOY. 8.: addkeygroup -groupID groupname -groupID KeyGroups.xml DO!- Wl; D0OB % gkGB m/Q groupnameT OY. 9&: addkeygroup -groupID keygroup1 3. addkeygroupalias mI; G`OJC@. L mI: /$ 0 Wl ID L\!5 0 zeR! VB b8 0 0m! kQ u 0m; [:UOY. 8.
PAGE 59
-symrec WLA esLj!- k* 0G alias GB 0 Wl L'; v$UOY. 9&: moddrive -drivename 000123456789 -symrec keygroup1 b. esLj WLm! u WLA esLj& _!Om L& 0 Wlz ,|C0A i adddrive mI; G`OJC@. L mI; gkOi esLj& _!Q D /$ 0 Wlz ,|C3 v V@O Y. 8.: adddrive -drivename drivename -symrec alias -drivename drivename: _!R esLjG 12Z. OC x#& v$UOY. V: Q 12Z.! G5O OC x# 10Z. U! 0; N 3 _!UOY. -symrec WLA esLj!- k* 0G alias GB Wl ID& v$UOY.
PAGE 60
-targetGroupID 0mL _!I Wl; D0OB % gkGB m/Q groupnameTOY. 9&: addaliastogroup -aliasID aliasname -sourceGroupID keygroup1 -targetGroupID keygroup2 V: 0B N 0 Wl!- pN gk !IUOY.
PAGE 61
& 4 e Encryption Key Manager 8: GUI& gkO) Encryption Key Manager 8: 8: nO $8 DO; [:OB !e ,n f}: 3-6 dLvG :GUI& gkO) 8 : DO, 0 zeR W Nu- [:;!- |C }w! {s Dell Encryption Key Manager GUI& gkOB MTOY. L }w& {% fl!B LL 8: DO; [: Q sBLGN _! 8:L JdOv J@OY. Y= $8B _! Encryption Key Manager 8: IGG e!; 0kOAB fl /kUOY. 8: |+ KeyManagerConfig.properties DOG ON 8: 3$!-B \` 3$; &xUOY. gkZB LN NQ 5b; Km Vn_ UOY. WLA esLj WLm Z? w%L.
PAGE 62
\, L/Q mG& 'X 8H $5! YngYB !; (HOJC@. e!! Z?8N _!Gn Nu- 0mz ,|I v Vb '.!(o, Xg Nu- 0m; gkO) WL A! 5 v V=), e!& v?8N _!OB [w; GJ[ ' |.Z! v`OB _ !H 8H Kg5 GJ]OY. {s- WLA esLj $8& esLj WLm! Z? 8N _!Om u e!! Nu- $8! W<:R v VB GQ; OC{8N N)O B [wL ckGB 8H 'hNv G0OAi L IGG e\!; E_OT r!X_ UOY. V: drive.acceptUnknownDrives nO $8B b;{8N falseN 3$Gn V@OY. {s- Encryption Key Manager!-B u esLj& esLj WLm! Z?8 N _!Ov J@OY. gkOAB pe& 1COm L! {s 8:; /fUOY. Z
PAGE 63
-drivetab esLj WLm $88 -ipaddr!- v$Q -vN |[UOY. -ipaddr ip_addr:sslportB vEx -vG VR W SSL w.& v$UOY. sslportB vE x -v KeyManagerConfig.properties DOG :TransportListener.ssl.port;! v $H *z O!X_ UOY. 1C{ Je -merge vEx -v!- u esLj WLm %LM& vg %LMM 4U(_!)UOY. 8 : DO: Ws YC 2b! !IUOY. b;*TOY. -rewrite vEx -v!- vg %LM& u %LMN Y_OY. Z? ?besLj WLm W nO $8 DO: b; Key Manager -v!- 86 -vN Z? |[I v V@OY. 86 -vB %LM ?b-& v`OB fl G`X_ UOY. b ; -v!- 86 -vN %LM& Z?8N ?b-OAi b; -vG KeyManagerConfig.
PAGE 64
8: b; gW V: 3-6 dLvG :GUI& gkO) 8: DO, 0 zeR W Nu- [:;G }w& v`Q fl b; 8:L LL [:Gz8GN F! \h& v`Ov JF5 KO Y. L $8!-B GUI& gkOv Jm Xg [w; v`OB f}; 8)]O Y. _! 8: IG; 0kOAB fl 5rL I v V@OY. Windows gkZ! kQ |m: WindowsG fl mI! xi; wTQ p:d. f N& gkR v x@OY. {s- mI; TBR ' Program Files kE progra~1z 0L }:H p: d.G *: L'; v$X_ UOY. p:d.G *: L'; *-OAi dir /x mI; G`OJC@. L }w!-B Encryption Key Manager 8:! JdQ VR \h& wTUOY. N O A!B -v 8: nO $8 DOG 9! in V@OY. -vM ,sLp. 8:G pg nO $8 qO; 8Ai NO B& |6OJC@. 1.
PAGE 65
c. Config.drivetable.file.url – Encryption Key Manager! KAx esLj! kQ $8! VB '!& v$UOY. L DO: -v GB CLI ,sLp.& C[Ob |!B JdOv J@OY. DOL xB fl Encryption Key Manager -vG C:[ >a _ [:KOY. d. TransportListener.ssl.keystore.name - 1 \h!- [:Q 0 zeRG D O L' W fN& v$UOY. e. TransportListener.ssl.truststore.name - 1 \h!- [:Q 0 zeRG D O L' W fN& v$UOY. f. Admin.ssl.keystore.name - 1 \h!- [:Q 0 zeRG DO L' W f N& v$UOY. g. Admin.ssl.truststore.name - 1 \h!- [:Q 0 zeRG DO L' W fN& v$UOY. h. config.keystore.file - 1 \h!- [
PAGE 66
T2 &xGB Dell Encryption Key Manager E
PAGE 67
& 5 e Encryption Key Manager |. Key Manager -v C[, uN m' W _v Encryption Key Manager -vB El 1T C[Om _vR v V@OY. -v& uN m!i Encryption Key Manager!- ^p.! VB 0 zeR, esL j WLm W 8: $8G vg ;k; 30 DON }AQ D ^p.N YC NeU OY. CLI ,sLp.& gkO) L/Q DwM.& /fQ D! uN m!b& G` OB ML A@OY. L/Q /fgW: Encryption Key Manager -v C:[ >a C Z?8N zeGv8 -v& uN m!B mI; G`Oi C:[ f9 GB $| C /f gW; /GR 'h; fvR v V@OY. Dell Encryption Key Manager GUI!- Encryption Key Manager -v& C[O JC@. 1. GUI& Fw C[Ov J: fl GUI& )JC@.
PAGE 68
a14m0249 W2 5-1. -v sB 4. -v sB! /fGi -v sB(Refresh Server) "! ]5KOY. W2 5-1; | 6OJC@. a14m0250 5. NWN "L %CKOY(W2 5-2). W2 5-2. NWN " gkZ L'! EKMAdmin; TBUOY. Jb O#B changeMETOY. NWNQ D chgpasswd mI; gkO) O#& /fR v V@OY. 5-11 dLvG :chgpasswd;& |6OJC@.
PAGE 69
V: v Dell Encryption Key Manager GUI! #:. IP VR& %COv xR v V@OY. vg GUI! {kGB Y=z 0: N !v &QgW '.! -v sB pOM (Server Health Monitor)! Encryption Key Manager #:. IP VR& % CR v x@OY. v vg @kANW%L IPV6& NDOv xOB flTOY. IPV6 VR& g kO) #:.& 8:OB fl, Encryption Key Manager @kANW%L IP VR& %CR v x@OY. v Encryption Key Manager @kANW%L Linux C:[! 3!H fl @ kANW%: NC #:. VRB %COv8 G&G 0: IP w.B %C Ov J@OY. #:. C:[G G& IP VR& KvOAi W.v) 8:! W<:O) IP w . VR& #8JC@. Windows C:[G fl mI "; -m ipconfig& TBOJC@.
PAGE 70
) Encryption Key Manager Java AN<:& %CR v V@OY. Windows -q: N G`Oi LaunchEKMServiceN %CKOY. -v& _vOAi F! 5-6 dLvG :mI` NMdL: ,sLp.;!- 3mQ f } _ O*& gkO) stopekm mI; G`OJC@. Key Manager AN<:! sigterm; |[OB M5 G O*G f}TOY. W/i -v! C:[ >aGm $s {8N >aI v V@OY. Key Manager AN<:! sigkill: |[Ov 6JC@. sigkill: AN<:& $s{8N >aC0v xUOY. 9& in Linux C:[!- kill -SIGTERM pid GB kill -15 pid& TBOJC@. Windows C'{!- Dell Encryption Key Manager! Windows -q:N C[GB fl &nG!- _vR v V@OY.
PAGE 71
V: fN qOG Y% p:d.M 8PR v V5O fNG !!
PAGE 72
-help Displaysgk} $8& %CUOY. -i Encryption Key Manager& Windows -q:N 3!UOY. L IGG fl 8: nO $8 DOG |< fN L'; NvN |^X_ UOY. b; fN W DO L': C:₩ekm₩gui₩KeyManagerConfig.propertiesTOY. -u u Ls Key Manager Windows -q:& -q:N G`R Jd! xB fl L& 3! &EUOY. 3! &EOb |! ]eC EKMServer -q:& _v X_ UOY. L mI; G`Oi Could not remove EKMServer. Error 0 z 0: @y ^Cv! %CI v V@OY. L ^Cv! %CG5 -q:& 3 ! &ER v V@OY. Encryption Key Manager& Windows -q:N 3!OAi Y= mI; G`O JC@. LaunchEKMService.exe -i config file 7.
PAGE 73
_dgW: Encryption Key Manager 8: DO; LM 0L /fOB fl!B Encryption Key Manager -v& _vOm GUI& ]F_ UOY. WindowsG n5 <& b] NuG fl KeyManagerConfig.properties!Server.authMechanism=LocalOS& Y=z 0L 3$OJC@. 1. KeyManagerConfig.properties DO(c:₩ekm₩gui p:d.); #8JC@. 2. xOB X:. m}b(WordPad! GeJ)& gkO) DO; )JC@. 3. Server.authMechanism .Z-; #8JC@. L .Z-L xB fl Server.authMechanism=LocalOS |D8N DO! .Z-; _!OJC@. 4. DO; zeOJC@. L& Encryption Key Manager -vG gkZ IDM O#! OS gkZ h$z O! UOY. -v! NWNO) mI; &bR v Vm |.Z /G; .
PAGE 74
mI` NMdL: ,sLp. C[ V: Encryption Key Manager -vM Encryption Key Manager CLI ,sLp. n O $8 DOG TransportListener.ssl.port nO $8! pN 0: *8N 3$G n Vn_ UOY. W8v J8i -N kER v x@OY. .&!L _}Oi 6-2 dLvG :CLI ,sLp. W EKM -v # kE .&! pvk;; |6OJC @. Encryption Key Manager CLI ,sLp.M Encryption Key Manager -vB kE 8H! SSL; gkUOY. ,sLp. NuL xB b; JSSE 8:; gkOB fl Encryption Key Manager -vG TransportListener.ssl.keystore! VB NuL TransportListener.ssl.truststore! 8gX_ UOY. L/Q fD8N ,sLp.B v& EZR v V=; KT KOY.
PAGE 75
UOY. Encryption Key Manager -vB b;{8N 10PL fzQ D! gkO v J: ,sLp.G kE RO; ]@OY. W LD! mI; TBOAm Oi , sLp.! >aKOY. Encryption Key Manager -v-,sLp. ROG C# > a b#; u fT v$OAi KeyManagerConfig.properties DOG TransportListener.ssl.timeout nO $8& v$OJC@. mI DO gk DOG O}3. mI; Key Manager -v! &bOAi G`R mI; wTOB DO(9: clifile); [:UOY. mI; G`OAi Uz ,sLp.! NWNX_ O GN L DOG 9 x0 mI: login mILn_ UOY. 9& in clifile!B Y = ;kL wTI v V@OY.
PAGE 76
-targetGroupID 0mL _!I Wl; D0OB % gkGB m/Q groupnameTOY. 9&: addaliastogroup -aliasID aliasname -sourceGroupID keygroup1 -targetGroupID keygroup2 adddrive u esLj& Key Manager esLj WLm! _!UOY. WLA esLj& es Lj WLm! Z?8N _!OB f}: 4-1 dLvG :WLA esLj WLm Z? w%L.;& |6OJC@. 0m d8gW! kQ $8B 2-4 dLvG :O#- 0 W LTO 4 W LTO 5 WLA esLj;& |6OJC@. | adddrive -drivename drivename [ -rec1 alias] [-rec2 alias][-symrec alias] -drivename drivename: _!R esLjG 12Z. OC x#& v$UOY. V: Q 12Z.! G5O OC x# 10Z. U! 0; N 3 _!UOY.
PAGE 77
-alias 0G u aliasnameTOY. -groupID 0 Wl XML DO!- Wl; D0OB % gkGB m/Q groupnameTOY. 9&: addkeygroupalias -alias aliasname -groupID keygroup1 chgpasswd CLI ,sLp. gkZ(EKMAdmin) b; O#& /fUOY. chgpasswd -new password -new L| O#& YYB u passwordTOY. 9&: chgpasswd -new ebw74jxr createkeygroup KeyGroups.xml DO!- VJG 0 Wl @j'.& [:UOY. Q x8 G`OJC @. createkeygroup -password password -password *_! KvOb 'X KeyGroups.xml DO!- 0 zeR O#& O#-OB % gkGB passwordTOY. 0 zeRB 0 WlG 0& O#-Q D wJkN " 30 0 Wl 0m O#& O#-UOY.
PAGE 78
delgroupalias 0 Wl!- 0 0m; h&UOY. delgroupalias -groupID groupname -alias aliasname -groupID KeyGroups.xml DO!- Wl; D0OB % gkGB m/Q groupnameTOY. -alias &ER 0 0mG aliasnameTOY. 9&: delgroupalias -groupID keygroup1 -alias aliasname delkeygroup |< 0 Wl; h&UOY. delkeygroup -groupID groupname -groupID KeyGroups.xml DO!- Wl; D0OB % gkGB m/Q groupnameTOY. 9&: delkeygroup -groupID keygroup1 exit CLI ,sLp.& >aOm Encryption Key Manager -v& _vUOY. LM 0: mI8N quit! V@OY.
PAGE 79
help mI` NMdL:G mIn W 8.; %CUOY. LM 0: mI8N ?! V@OY. help import v$H URL!- esLj WLm GB 8: DO; !.IOY. import {-merge|-rewrite} {-drivetab|-config} -url urlname -merge u %LM& vg %LMM 4UUOY. -rewrite vg %LM& u %LMN Y_OY. -drivetab esLj WLm; !.IOY. -config 8: DO; !.IOY. -url urlname: u %LM& !.C '!& v$UOY. 9&: import -merge -drivetab -url FILE:///keymanager/data/export.table list config.keystore.file nO $8!- L'; v$Q 0 zeR! wTH Nu-& *UOY.
PAGE 80
9&: list -vB 0 zeRG pg Wq; *-UOY. list -alias mycert -vB config.keystore.file 0 zeR! Nu-! VB fl mycert 0m!- gk !IQ pg %LM& *-UOY. listcerts config.keystore.file nO $8!- L'; v$Q 0 zeR! wTH Nu-& *UOY. listcerts [-alias alias -verbose |-v] -alias aliasB /$ Nu-& *-O5O v$UOY. -verbose|-v Nu-! kQ Z
PAGE 81
-ekmuser gkQ Nu /|! {s userID! EKMadmin GB localOS gkZ ID *; v $UOY(5-6 dLvG :CLI ,sLp. gkZ Nu; |6). -ekmpassword gkZ IDG CY% O#TOY. 9&: login -ekmuser EKMAdmin -ekmpassword changeME logout vg gkZ& NW@AUOY. LM 0: mI8N logoff! V@OY. L mI: , sLp.
PAGE 82
-rec2 esLj Nu-G N x0 alias(GB 0 9Lm)& v$UOY. -symrec WLA esLj!- k* 0G alias GB 0 Wl L'; v$UOY. 9&: moddrive -drivename 000123456789 -rec1 newalias1 refresh VE 8: E3/v& gkO) pvW, (g W esLj WLm *; uN m!5O Encryption Key Manager! vCUOY. 9&: refresh refreshks 0 zeR& uN m(OY. L mI: Encryption Key Manager -v& G`OB ? H 0 zeR! v$H fl config.keystore.file! v$H 0 zeR& YC NeOB % gkKOY. L mI: :I; 3n_1 v V8GN JdQ fl!8 gkUOY. 9&: refreshks status Key Manager -vG C[ GB _v )N& %CUOY.
PAGE 83
-config 8: nO $8 DO8 -ipaddr!- v$Q Encryption Key Manager -vN | [UOY. -drivetab esLj WLm $88 -ipaddr!- v$Q Encryption Key Manager -vN | [UOY. -ipaddr ip_addr:ssl:portB vEx Encryption Key Manager -vG VR W SSL w. & v$UOY. ssl:portB vEx -v KeyManagerConfig.properties DOG :TransportListener.ssl.port;! v$H *z O!X_ UOY. -merge u esLj WLm %LM& vg %LMM 4UUOY. 8: DO: Ws YC 2 b! !IUOY. b;*TOY. -rewrite vg %LM& u %LMN Y_OY. 9&: sync -drivetab -ipaddr remoteekm.ibm.
PAGE 84
5-18 Dell Encryption Key Manager gkZ H;-
PAGE 85
& 6 e .&! G0 30 DwM., )/ 3G DwM. GB Encryption Key ManagerG pg DwM. !- pvk; 3$R v V@OY. Y=G _d DO!- Encryption Key Manager -v .&! .N Encryption Key Manager! C[Gv J: fl Y= < 3 DO; .NO) .&! G xN; G0OJC@. v native_stdout.log W native_stderr.log – Encryption Key Manager -vB iWsne AN<:N G`Gb '.! O] {N $8 ^CvM @y ^Cv& %CR \VL x@OY. Li ^CvB native_stdout.log W native_stderr.log DO! bOKOY. – Encryption Key Manager -v nO $8 DO! debug.output.file nO $8 ! wTGn VB fl, native_stdout.log W native_stderr.
PAGE 86
R f}L xb '.! Encryption Key Manager! C[! GPUOY. b; Encryption Key Manager NW!B Y=z /gQ WqL wTKOY. native_stdout.log Server initialized Default keystore failed to load native_stderr.log at com.ibm.keymanager.KeyManagerException: Default keystore failed to load at com.ibm.keymanager.keygroups.KeyGroupManager.loadDefaultKeyStore (KeyGroupManager.java:145) at com.ibm.keymanager.keygroups.KeyGroupManager.init (KeyGroupManager.java:605) at com.ibm.keymanager.EKMServer.c(EKMServer.java:243) at com.ibm.keymanager.
PAGE 87
1. CLI ,sLp. nO $8G TransportListener.ssl.keystore W TransportListener.ssl.truststore! v$Gn VB 0 zeR! -v nO $8G Admin.ssl.keystore W Admin.ssl.truststore 0 zeRM ?OQ Nu-! wT Gn VBv .NOJC@. 2. ,sLp. nO $8G TransportListener.ssl.keystore.password! CY% O# ! VBv .NOJC@. 3. L 0 zeRG Nu-! pN 8bGv JRBv .NOJC@. JSSEB kE; 8HR ' 8bH Nu-B gkOv J@OY. v EKM CLI ,sLp. nO $8 DOL Pb |kTOY. 1. DO! kQ GQ GB S:; 8m EKM CLI ,sLp.& G`OB gkZ ! DO! kQ W<: W v$ GQL VBv .NOJC@. v EKM -v nO $8 DO! Server.
PAGE 88
EKM server is not started. File name for XML metadata file needs to be specified in the configuration file. Audit.metadata.file.name WqL 8: DO!- )tGz@OY. L .&!; $$OAi KeyManagerConfig.properties 8: DO! Audit.metadata.file.name nO $8& _!OJC@. Failed to start EKM.Mykeys. The system cannot find the specified file. 1. L @y ^CvB KeyManagerConfig.propertiesG 0 zeR WqL b8 DO ; !.0v J; ' _}UOY. 2. L .&!; $$OAi KeyManagerConfig.properties DO!- Y= WqL b 8G CY% 0 zeR DO; !.Q_ UOY. Admin.ssl.keystore.
PAGE 89
3. 8:! O#! xB fl nO $8 DO! VB 33 0 zeR WqL pN m/ Oi 38nv O#& /B ARA.! %CKOY. nO $8G Wq pN! 08 i Q x8 ARA.! %CKOY. Failed to start EKM. Invalid keystore format. 1. L @yB nO $8 DOG 0 zeR Wq _ O*! _xH 0 zeR /|L v$H fl _}UOY. 2. nO $8 DOG pg 0 zeR WqL 0: DO; !.0i Encryption Key ManagerB pg 0 zeRG 0 zeR /|8N config.keystore.type *; gk UOY. 3. nO $8 DO! /$ 0 zeR! kQ /| WqL x8i Encryption Key ManagerB /|; jceksN !$UOY. Failed to start the server. Listener thread is not up and running.
PAGE 90
Error: Unable to find Secretkey in the config keystore with alias:MyKey. nO $8 DOG symmetricKeySet WqL config.keystore.file! xB 0 0m; w TUOY. L .&!; $$OAi KeyManagerConfig.propertiesG config.keystore.file Wq ! v$H 0 zeR DO! VB 0m8 wTO5O 8: DO!- symmetricKeySet Wq; v$OJC@. GB 0 zeR! )tH k* 0& _!OJC@. Z
PAGE 91
% 6-1. Encryption Key Manager!- 8mH @y (hS) @y x# EE0F | | 3m 6! O#- m. @y: ;N @y: ″9sOv xQ @y. Encryption Key ManagerG VE v|; G`Om EKMG ;N ANW!V @y.″ VBv .NOJC@. (VE v|; G0OAi 3-1 dLvG :VE v| Key Manager ISO LLv Y nNe;& |6OJC@.) JdQ fl esLj G B AOC -v _~n v|; .NOm VE 1. :N w%L.OJC@. Key Manager -v!- p vW _{; 3$OJC@. .&!; gvOm pvW NW& v}OJC@. .&!L vSGi L % -. ! *@B :Uz Pn_ R gW; =GG :Dell , t3;& |6O) bz vx; .GOJC@. @y: CSNDDSV #b C Oe~n @y _}. Oe~n O#& gkOB fl ICSF& C[_Bv returnCode 12 reasonCode 0. .
PAGE 92
% 6-1. Encryption Key Manager!- 8mH @y (hS) @y x# 3m EE2B O#- Pb ^Cv GP: ;N @y: ″DSK! -m Encryption Key ManagerG VE v|; G`Om L xE* DSKG -m; .NR v x@OY.″ VBv .NOJC@. (VE v|; G0OAi 3-1 dLvG :VE v| Key Manager ISO LLv Y nNe;& |6OJC@.) JdQ fl esLj G B AOC -v _~n v|; .NOm VE 1. :N w%L.OJC@. Key Manager -v!- p vW _{; 3$OJC@. .&!; gvOm pvW NW& v}OJC@. .&!L vSGi L % -. ! *@B :Uz Pn_ R gW; =GG :Dell , t3;& |6O) bz vx; .GOJC@. EE2C O#- Pb ^Cv GP: QueryDSKParameterError: ″e!!- QueryDSKMessage 8. P. _! @y _}.
PAGE 93
% 6-1. Encryption Key Manager!- 8mH @y (hS) @y x# 3m 6! EE31 O#- 8: .&!: 0 zeRM |CH @y! _ b;*8N 8:GzE* gkOAB 0 9Lm; . }_@OY. NOJC@. listcerts mI; gkO) Encryption Key Manager!- gk !IQ Nu-& *-R v V@OY. b;*; gkQYB gG; Km VB f l Encryption Key Manager -v!- listdrives -drivename drivename mI; G`O) esLj! CY#T 8:GzBv .NOJC@(9: esLj O C x# W LM ,|H 0m/0 9LmL CY%v .N). .&! GB esLj! LM ,|H 0m/0 9LmL xB fl default.drive.alias1 W default.drive.alias2 *; .NOJC@. L f}L 5 rL Gv JE* 0m/0 9LmL VB fl pv W NW& v}OJC@.
PAGE 94
^Cv Y= ^CvB Encryption Key Manager!- }:Og |. \V! %CR v V@O Y. 8: DOL v$Gv J= X:. Configuration file not specified: KeyManager Configuration file not specified when starting EKM. 3m KMSAdmin mI; gkOAi 8: DO; mI` E3/vN |^X_ UOY. C:[ @d ANW%L _vKOY. n5Z @d 8: DO; &xOm mI; YC C5OJC@. esLj _! GP X:. Failed to add drive. Drive already exists. 3m LL esLj! Encryption Key Manager! 8:Gn esLj WLm! V8GN adddrive mI! GP_@OY. n5Z @d listdrives mI; G`O) esLj! Encryption Key Manager! LL 8:Gn V Bv .NOJC@.
PAGE 95
3m NW DO L'; Y\ v x@OY. n5Z @d Xg esLjG DO GQ W x#; .NOJC@. 8: h& GP X:. “modconfig” command failed. 3m modconfig mI; gkO) Encryption Key Manager 8:; h&R v x@OY. n5Z @d help& gkO) CY% E3/v& &x_Bv mI 8.; .NOJC@. Z
PAGE 96
C:[ @d Encryption Key Manager -v! C[Gv J@OY. n5Z @d v$H URLL Vm L! kQ Pb GQL VBv .NOJC@. help& gkO) m I 8.; .NOJC@. E3/v! CY%v .NOm YC C5OJC@. 8: v$ GP X:. “modconfig” command failed. 3m modconfig mI; gkO) Encryption Key Manager 8:; v$R v x@OY. n5Z @d help& gkO) CY% E3/v& &x_Bv mI 8.; .NOJC@. Z
PAGE 97
3m Encryption Key Manager 8: DOG Audit.handler.file.size nO $8 *L gv)_ UOY. C:[ @d Encryption Key Manager! C[Gv J@OY. n5Z @d Audit.handler.file.size! CY% }Z& v$Om Encryption Key Manager& YC C[OJC@. ?b-R %LM x= X:. No data can be found to be synchronized with “sync”. 3m sync mI!- ?b-R %LM& D0R v x@OY. n5Z @d &xH 8: DOL VBvM config.drivetable.file.url; gkO) 8: DO! esL j WLmL &kN 8:GzBv .NOJC@. help& gkO) 8.; .NOm sync mI; YC C5OJC@. CY#v J: TB X:. Invalid input parameters for the CLI. 3m /$ mI 8.
PAGE 98
8: DOG SSL w. x#! CY#v J= X:. Invalid SSL port number specified in the EKM configuration file. 3m 8: DO! &xH SSL w. x#! CY% x#! FUOY. C:[ @d Encryption Key Manager! C[Gv J@OY. n5Z @d Encryption Key Manager& C[R ' 8: DOG TransportListener.ssl.port nO $8! CY% w. x#& v$Om YC C[OJC@. 8: DOG TCP w. x#! CY#v J= X:. Invalid TCP port number specified in the EKM configuration file. 3m 8: DO! &xH TCP w. x#! CY% x#! FUOY. C:[ @d Encryption Key Manager! C[Gv J@OY.
PAGE 99
C:[ @d Encryption Key Manager! C[Gv J@OY. n5Z @d TransportListener.ssl.port nO $8! CY% w. x#& v$Om Encryption Key Manager& YC C[OJC@. 8: DO!- TCP w. x#& v$X_ T X:. TCP port number is not configured in the properties file. 3m TCP w. x#B 8: nO $8 DO!- 8:R Jv nO $8TOY. L Wq: esLjM Encryption Key Manager # kE! gkKOY. C:[ @d Encryption Key Manager! C[Gv J@OY. n5Z @d TransportListener.tcp.port nO $8! CY% w. x#& v$Om Encryption Key Manager& YC C[OJC@. b; TCP w. x#B 3801TOY. -v C[ GP X:.
PAGE 100
3m N Encryption Key Manager -v gL!- %LM& ?b-OB sync 6[! GP _@OY. n5Z @d x] Encryption Key Manager -v! v$H IP VR! CY#g D;M! W<:R v VBv .NOJC@. 8: DOL Vm CY% esLj WLm $8& wTOBv .NOJC@. help& gkO) sync mI 8.; .NOJC@. Z
PAGE 101
n5Z @d 8: DO 3$; .NOJC@. Encryption Key Manager 8: DO! admin.keystore.file, admin.keystore.provider W admin.keystore.type n O $8! CY%v(NO B |6)M 0 zeR DOL Vm L! kQ Pb GQL V Bv .NOJC@. admin.keystore.password nO $8& kX |. 0 zeR! &xGzE* mI`! TBQ O#! CY%v .NOJC@. Encryption Key Manager & YC C[OJC@. 0 zeR& NeR v x= X:. Keystore for EKM can not be loaded. 3m Encryption Key Manager! &xH 0 zeR& NeR v x@OY. C:[ @d Encryption Key Manager! C[Gv J@OY. n5Z @d 8: DO 3$; .NOJC@. Encryption Key Manager 8: DO! config.
PAGE 102
n5Z @d 8: DO 3$; .NOJC@. Encryption Key Manager 8: DO! transport.keystore.file, transport.keystore.provider W transport.keystore.type nO $8! CY%vM 0 zeR DOL Vm L! k Q Pb GQL VBv .NOJC@. transport.keystore.password nO $8& k X |. 0 zeR! &xGzE* mI`! TBQ O#! CY%v .NOJC@. Encryption Key Manager& YC C[OJC@. vxGv JB 6! X:. User entered action for the CLI which is not supported for EKM. 3m sync mI! &xH 6!! Encryption Key Manager!- vxGv JE* NDGv J@OY. CY% 6!& 4UOE* YC [:UOY. n5Z @d help& gkO) mI 8.; .
PAGE 103
& 7 e (g 9Ze V: L e!- 3mOB (g 9Ze |D: ANW!V NMdL:N #VGv J@O Y. L 9Ze |D: 1.:6Y /fI v V@OY. L e!-B ON (g 9 Ze& 8. P.OAB fl! kqO) Xg |D; 3mUOY. (g 3d (g -j C:[: Encryption Key Manager!- d;; 3.OB _ (g !IQ YgQ L%.! _}Oi OCG xw DO! X:. (g 9Ze& 9OY. (g j C:[: DO! Wq; 9OY. L' p:d. W DO L'; gkZ! 8:R v V@OY. L DOG )b5 8: !IUOY. DO! 9Ze& 2Y! DO )b! 8 : !IQ )b! 5^Oi DO; ]m vg C#RN! {s DO L'; Y[ D Y% DO; -n uN [:Q L DO! 9Ze& 9OY.
PAGE 104
all pg L%. /| authentication Nu L%. data_synchronization Encryption Key Manager -v gL!- $8& ?b-OB _ _} OB L%. runtime Encryption Key Manager! 8;B 3. [w W d; _ _}OB L%. configuration_management 8:; /fOB fl _}OB L%. resource_management Encryption Key Manager!- Zx(WLA esLj) 3$; /fOB fl _}OB L%. 9& L 8: *! kQ 9& :e: Y=z 0@OY. Audit.event.types=all Y=: G Y% 9&TOY. Audit.event.types=authentication;runtime;resource_management Audit.event.outcome 8. Audit.event.
PAGE 105
gk} ^p. %!- 8/R Vk L%. @j'. v& 3$OB % gkKOY. L E3/ vB 1C{Lv8 gkL GeKOY. b;*: 0TOY. 9& Audit.eventQueue.max=8 Audit.handler.file.directory 8. Audit.handler.file.directory=directoryName gk} L E3/vB (g 9Ze DO; a_ OB p:d.& %COB % gkKOY. L p:d.! x8i Encryption Key Manager!- p:d. [:; C5UOY. W/ * :xOv xOi Encryption Key Manager! C[Gv J@OY. {s- Encryption Key Manager& G`Ob |! Uz p:d.! VB ML A@OY. GQ Encryption Key Manager& G`OB gkZ ID! v$H p:d.! kQ 2b W<: GQL Vn_ UOY. 9& p:d.
PAGE 106
Audit.handler.file.name 8. Audit.handler.file.name=fileName gk} L E3/v& gkO) v$H (g p:d. ;!- (g NW DO; [:R ' b ; L'8N gkR b; DO L'; v$UOY. L E3/v!B b; DO L'8 wTOm O|Q fN L': wTOi HKOY. (g NW DOG |< L'!B D O [: C#! XgOB *L L L'! _!KOY. L& %COb 'X Audit.handler.file.name *; ekm.logN 3$OB 9&& mAU OY. L fl DOG |< L': ekm.log.2315003554M /gQ |D; gkUO Y. _!H .Z-: (g NW DO; [:Q x-& G0OB % 5rL Gb5 UO Y. }Z! t;vO VE (g NW DO; *8@OY. 9& b; L'; ekm.logN 3$OB 9&B Y=z 0@OY. Audit.handler.file.name=ekm.log Audit.
PAGE 107
gk} L E3/vB :9e! (g NW Wq; 2B % JdQ Vk 9s C#; v$OB % gkKOY. L *: :9e! NM4.Gb |! [w; OaR v V5O $. 3 .& v`OB _! gkKOY. iWsne :9e! threadlifespan E3/v! Rg H C# ;! [w; OaOv xOi $. 3.! C[Gm :9e! NM4.KOY. 9& :9e! (g NW! 2B % I.B 9s C#; 10JN 3$OAi Y=; v$U OY. Audit.handler.file.threadlifespan=10 (g 9Ze |D pg (g 9ZeB )b- 3mOB Mz /gQ bB |D; gkUOY. pg (g 9ZeB _}Q (g L%.! /$Q $8M T2 C#RN W 9Ze /|; qT Q n !v xk $8& wTUOY. (g 9ZeG O] |D: Y=z 0@OY. AuditRecordType:[ timestamp=timestamp Attribute Name=Attribute Value ..
PAGE 108
% 7-1. Encryption Key Manager! (g DO! 2B (g 9Ze /| (g 9Ze /| (g /| 3m Nu authentication Nu L%.& bOOB % gkKOY. %LM ?b- data_synchronization %LM ?b- 3.& bOOB % gkKOY. 18S runtime d;; 3.OB _ Encryption Key Manager -v!- _}OB )/ _d 3. L%.& b OOB % gkKOY. Zx |. resource_management Encryption Key Manager!- Zx; 8:O B f}! kQ /f gW; bOOB % gk KOY. 8: |. configuration_management Encryption Key Manager -vG 8:! k Q /f gW; bOOB % gkKOY. (g 9Ze S: Y= qO!-B " (g 9Ze /|!- gk !IQ S:; 8)]OY. Nu L%.
PAGE 109
18S L%. L 9ZeG |D: Y=z 0@OY. Runtime event: timestamp=timestamp event source=source outcome=outcome event type=SECURITY_RUNTIME message=message resource=resource action=action user=user ] message W user *: L! kQ $8! gk !IQ fl!8 *83OY. Zx |. L%. L 9ZeG |D: Y=z 0@OY. Resource management event: timestamp=timestamp event source=source outcome=outcome event type=SECURITY_MGMT_RESOURCE message=message action=action user=user resource=resource ] message *: L! kQ $8! gk !IQ fl!8 *83OY. 8: |. L%.
PAGE 110
(gH L%. % 7-2!-B (g 9Ze& [:OB L%.& 3mUOY. WLm!B L L%.! _ }R ' bOGB (g 9Ze /|L *-Gn V@OY. % 7-2. (gH L%.0 (g 9Ze /| (gH L%. (g 9Ze /| gkZ Nu :x authentication gkZ Nu GP authentication Y% EKM! %LM& |[OB % :x data_synchronization Y% EKM! %LM& |[OB _! @y _} data_synchronization sync mI 3. :x data_synchronization sync mI; 3.OB _! @y _} data_synchronization mI` 3. C[ runtime exit mI vE runtime K v xB mI TB runtime esLj!- ^Cv vE runtime esLj!- ^Cv& 3.
PAGE 111
% 7-2. (gH L%.0 (g 9Ze /| (hS) (gH L%. (g 9Ze /| listcerts mI :x resource_management esLj& esLj WLm! _!OB % :x resource_management esLj& esLj WLm! _!OB _! @y resource_management _} listdrives mI :x resource_management listdrives mI; 3.
PAGE 112
7-10 Dell Encryption Key Manager gkZ H;-
PAGE 113
& 8 e ^8%LM gk %LM& O#-Om WLA! 2B fl _dQ %LM& 83OB XML DO; [ :O5O Encryption Key Manager& 8:X_ UOY. L DO: <} OC x#N 68O) <}!- gkGB 0m GB 0 9Lm; %CR v V@OY. ]kN 0m 8N 68O) Xg 0 9Lm/0mz ,|H pg <}; %CR v5 V@OY. V: ^8%LM DO; 8:Ov J8i Encryption Key Manager! C[Gv J@O Y. O#- 3.& v`Oi Encryption Key Manager!- Y= %LM& v}UOY. v esLj OC x# v esLjG WWN(WorldWideName) v &[ /% v 0 0m 1 v 0 0m 2 v DKi v VolSer v}Q %LM! O$ Qh! 5^Oi XML DO! bOKOY. Encryption Key Manager nO $8 DO(KeyManagerConfig.
PAGE 114
XML DO |D DO!B Y=z 0: |DG 9Ze! V@OY. FVTDRIVE0000 TESTER -Drive Serial Number -Volume Serial 57574E414D453030 cert2 -Key Alias1 cert1 - keyAlias2 -drive WWN Tue Feb 20 09:18:07 CST 2007 - creation date |m: LTO 4 W LTO 5 esLjG fl 9Ze8 V8 | g DKi! bOKOY. ^8%LM XML DO 68 EKMDataParser 58& gkO) ^8%LM DO; 68UOY.
PAGE 115
KeyManagerConfig.propertiesG ^8%LM DO L' nO $8 (Audit.metadata.file.name)! metadata *8N 3$Gm DOL Encryption Key Manager& G`OB NC p:d.! VYm !$_; ' Y= mI: volser 72448 z |CH XML 9Ze8 JM5O) %CUOY. /bin/java com.ibm.keymanager.tools.EKMDataParser -filename metadata -volser 72448 bB: Y=z 0L |D-KOY. % 8-1.
PAGE 116
– – 4. DO; :5O) O!Ov JB BW! VBv .NOJC@. EKMDataParserG @ y ^Cv! ! BW! )tH BW! *-GGN 1T KvR v V@OY. 5. O!Ov JB BW! __Gi SCN L%.& h&OE* JdQ BW& _!O ) L%.& O:OJC@. v Encryption Key Manager ^8%LM DOG Y= 9& 8i 9 x0 KeyUsageEvent! ! BW! x@OY.
PAGE 117
NO A. yC DO yC C[ pU :)3. fm: 0 zeR %LM& 88OB [w: El _dUOY. 0 zeR! W<:Ov J8i O#-H WLAG O#& X6R v x@OY. {s- 0 zeR W O# $8& zeX NJC@. Linux C'{ Y=: TuH fD8N iWsne!- EKM; C[R v VB yC :)3.TOY. L :)3.B EKM; C[Om 0 zeR O#, keystore_password& :)3.& k X |^UOY. L fl 0 zeR O#B EKM 8: DO! wTI v x@OY. F ! |m& |6OJC@. :)3. DO!B Y=L wTGn_ UOY. java com.ibm.keymanager.KMSAdminCmd KeyManagerConfig.properties <
PAGE 118
Admin.ssl.truststore.type = jceks Audit.event.outcome = success,failure Audit.event.types = all Audit.eventQueue.max = 0 Audit.handler.file.directory = /keymanager/audit Audit.handler.file.name = kms_audit.log Audit.handler.file.size = 10000 Audit.metadata.file.name = /keymanager/metafile.xml config.drivetable.file.url = FILE:///keymanager/drivetable config.keystore.file = /keymanager/testkeys config.keystore.provider = IBMJCE config.keystore.type = jceks fips = Off TransportListener.ssl.
PAGE 119
NO B. Encryption Key Manager 8: nO $8 DO Encryption Key Manager!B Encryption Key Manager -v W CLI ,sLp.! O*? 23G 8: nO $8 DOL JdUOY. L/Q " DO: Java.util.Properties Ne DON 3.Gm 8. P.Gn nO $8G |D W :e! Y=z 0: /$ & QgW; NzUOY. v 8: nO $8B Q Y! O*? bOKOY. /$ nO $8 *G |'B Y !n v TOY. v xiL wTH O#M 0: nO $8 *: Nk N#N -; Jd! x@OY. v 0 zeR O#G fLB 127Z LO)_ UOY. v Y !! _xH xiL VB fl L xi: nO $8 *G ONN X.KOY. yC 8: nO $8 DO: YnNeR v V5O http://support.dell.com!EKMServicesandSamples DON &xKOY.
PAGE 120
Admin.ssl.keystore.name = value L Wq: Encryption Key Manager -v # 8H RO h~(SSL) ,sLp . [w(9: sync mI)! gkGB 0 V W Nu- %LM#L:G L'TO Y. sync [w!- 8H RO ,sLp.! 8H RO -vN &xOB NuB L 0 zeR!- &xKOY. Jv 1C{TOY. sync mI!-8 gkUOY. config.keystore.file nO $8 *L b;*TOY. Admin.ssl.keystore.password = password Admin.ssl.keystore.name! W<:R ' gkOB O#TOY. Jv 1C{TOY. &xOv J8i Encryption Key Manager C [ C O#& /B ARA.! %CKOY. v$OB fl _ ! 8H; 'X L nO $8 *; NDOb nFT 8ig n O $8 DOG :DZ L' Z
PAGE 121
Admin.ssl.truststore.type = value gkGB 0 zeR /|TOY. Jv 1C{TOY. b;* jceks Audit.event.outcome = value v$H bB; }:OB (g L%.8 bOKOY. Jv 9 * success | failure. N fl pN 0% GB
PAGE 122
Audit.handler.file.name = kms_audit.log (g WqL bOGB DO L'TOY. Jv 9 Audit.handler.file.size = 100 Audit.Handler.file.nameL cD2b |nv u!R v VB )bTOY. Jv 1C{TOY. GeKOY. * 0 - ? \'B KBTOY. b;* 100 Audit.handler.file.threadlifespan = value (g 9Ze 3. :9eG vm; &QUOY. audit.handler.file.multithreads= trueN fl!8 gk !IUOY. Jv 1C{TOY. * \'B P.JTOY. b;* 10000 Audit.metadata.file.cachecount = 100 ^8%LM DO; 2b |nv ^p.! zeR v VB 9Ze v& v$U OY. Jv FO@ b;* 100 Audit.metadata.file.
PAGE 123
Jv 1C{TOY. config.keystore.file = value gkR 0 zeR& v$UOY. Jv 9 config.keystore.password = password config.keystore.file! W<:R ' gkOB O#TOY. v$OB fl _! 8H; 'X L nO $8 *; NDOb nFT 8ig nO $8 DOG : DZ L' Z
PAGE 124
Jv 9 * true | false b;* false 8H |m - CY% drive.default.alias1 3$z T2 6UO) L 3$; gk Oi Encryption Key Manager! ,aGB WLA esLj& |.Z! Xg e! _!G /?:; KuOv Jm5 _! W [?C3 v V@OY. Z
PAGE 125
v 32q. Intel Linux /f!-, LocalOS-setup/linux_ia32/ libjaasauth.so DO; java_home/jre/bin/ p:d.N 9gOJC@. ) b- java_home: 8k 1.4.2 JVM; G`OB 32q. Intel Linux ? NG fl java_install_path/IBMJava2-i386-142TOY. v 64q. AMD64 Linux /f!-, LocalOS-setup/linux-x86_64/ libjaasauth.so DO; java_home/jre/bin/ p:d.N 9gOJC@. ) b- java_home: 8k 1.4.2 JVM; G`OB 64q. AMD Linux ?NG fl java_install_path/IBMJava2-amd64-142TOY. Windows C'{G fl L DO: JdOv J@OY. 3!! OaGi Encryption Key Manager -v& C[R v V@OY.
PAGE 126
- Y= 0& +['N 1CO) gkKOY. keyAliasListG " :e: keyAlias GB keyAliasRange! kQ * _ O*& w TUOY. keyAliasB 0 zeR!- k* 0 L' GB 0m8N BNF(Backus-Naur Form)& Vk 12ZN v$OE* sequentialKeyID& $.w 21ZN v$UOY. keyAliasRangeB sequentialKeyID W 16x }Z& Vk 18Z(OLB(-)8N 8P)N v$UOY. 18Z& v$OB fl 3= 2ZB 00Ln_ UOY. GQ Q `! v$X_ Og cr-lf & wTR v x@OY. GroupIDB 0m Wl L'; v$UOY.
PAGE 127
* \'B C#TOY. b;* 24 sync.type = value Z?8N ?b-R %LM& v$UOY. Jv 1C{TOY. * config | drivetab | all b;* drivetab TransportListener.ssl.ciphersuites = JSSE_ALL Encryption Key Manager -v # kE!- gkR O# :'.TOY. O# :'.B %LM |[ C %LM 3/ ANd] TLS(Transport Layer Security) W 8H RO h~(SSL: Secure Sockets Layer) gkz O#- Km.r; 3 mUOY. Jv 1C{TOY. * * – IBMJSSE2!- vxOB pg O# :'.! !IUO Y. TransportListener.ssl.clientauthentication = 0 Encryption Key Manager-v # kE! JdQ SSL NuTOY. Jv 1C{TOY. * 0 - ,sLp.
PAGE 128
TransportListener.ssl.keystore.type = jceks Jv 1C{TOY. GeKOY. * JCEKS TransportListener.ssl.port = value Encryption Key Manager -v! Y% Encryption Key Manager -v GB Encryption Key Manager CLI ,sLp.G d;; ;kOB w.TOY. Jv 9 * 9& in w. x#B 443TOY. L *: CLI ,sLp. 8: nO $8 DOG TransportListener.ssl.port nO $8M O!X_ UOY. TransportListener.ssl.protocols = SSL_TLS 8H ANd]TOY. Jv 1C{TOY. * SSL_TLS (b;*) | SSL | TLS TransportListener.ssl.timeout = 10 SocketTimeoutExceptionL _}Ob |! RO!- Pbnv kbOB C#; v$UOY.
PAGE 129
TransportListener.tcp.port = value Encryption Key Manager -v! WLA esLjG d;; ;kOB w.T OY. b; TCP w. x#B 3801TOY. Jv 9 * 9& in w. x#B 10TOY. TransportListener.tcp.timeout = value SocketTimeoutExceptionL _}Ob |! RO!- Pbnv kbOB C#; v$UOY. Jv 1C{TOY. * \'B PTOY. 0: C# >aGv J=; *8@OY. b;* 10 CLI ,sLp. 8: nO $8 DO L ClientKeyManagerConfig.properties DO!B KeyManagerConfig.properties DO ! wTH nO $8 -j<.! V@OY. L -j<.B Y= nO $8& wTUO Y. TransportListener.ssl.
PAGE 130
V: KeyManagerConfig.properties DO!- gkGv J@OY. TransportListener.ssl.keystore.name = value L 0 zeRB Encryption Key Manager ,sLp.! Encryption Key Manager -vM kEOm 8H RO ,sLp. *R; v`R ' gkGb 5 UOY. Jv 9 TransportListener.ssl.keystore.type = jceks TB /|TOY. Jv 1C{TOY. GeKOY. b;* jceks TransportListener.ssl.port = value Encryption Key Manager -vM kER ' CLI ,sLp.! gkOB w .TOY. Jv 9 * L *: Encryption Key Manager -v nO $8 DO (KeyManagerConfig.properties)G TransportListener.ssl.port! v$H *z O!X_ UOY.
PAGE 131
NO C. ZV /B z.(FAQ) @kANW% b] 0 |. W sLj/.!- |.OB O#-& 6UO) gkR v V@On? FO@. @kANW%!- |.OB O#-& gkOB fl O#-B sLj/. h~!- umUOY. 6y!vN sLj/.!- |.OB O#-& gkOB fl Xg AN<:B Y% h~!- umUOY. " O#- |. f}: Y% f}! kX h8{LGN T2 gkR v x@OY. sLj/.!- |.OB O#-G f l @kANW%; /fOv JF5 KOY. WLA& O#-OE* O# X6OB d;; }:R v VB pg C:[! Encryption Key Manager& 3!O) G`X_ UOn? sLj/.!- |.OB O#-G fl WLA esLj 2b d;L }:GB C :[L Encryption Key Manager; G`OB C:[O JdB x@OY.
PAGE 132
WLA& O#-OB % gkOB Nu-! 8bGi n;T KOn? Encryption Key Manager!- L|! O#-H WLA& P@On? Nu- 8b )NB Encryption Key Manager!- _dOv J@OY. L Nu& hS gkO) L|! O#-H WLA& P@OY. W/* L|! O#-H W LA& PE* _!OAi 8bH Nu-& hS 0 zeR! Nn_ UOY. Encryption Key ManagerB Nu-& ;ER ' L'; Y_On? Encryption Key ManagerB b;{8N Nu- 8b C u 0& d;O5O 8: Gn V@OY. Encryption Key Manager! L8T 8:H fl Nu- ;EL J dOv J@OY. L bIL gk R!IOm L 3Nk 0/Nu- VL u 0 d ;!5 gkGB fl!B Nu-& ;EX_ UOY. Nu-8(/? /%) ;EG m ,|H 0B ;EGv J@OY.
PAGE 133
VGgW s% L ;.! gkGB s%N Dell, Dell Nm W PowerVaultB Dell Inc.G s%Lg, MicrosoftM WindowsB Microsoft CorporationG nOs%TOY. b8 s% W s #& gkOB }N GB Li }NG &0; p^Ob 'X 8gG s% W s#! ; .-!- gkI v V@OY. Dell Inc.B ZgG ML FQ s% GB s#! k X n0Q R/G5 .v J@OY.
PAGE 134
D-2 Dell Encryption Key Manager gkZ H;-
PAGE 135
kn L kn}!B ; -{ W |C -{! gkGB / EEDK. Externally Encrypted Data Key. %LM +..v! v kn, `n W N.Zn! $GGn V@OY. zeOb |! 0 O#- 0!- O#-(&N)GB %LM 0T 3Nk 0(Private key). O]{8N O# X6! gkGB O *G qk* 0 V! VB Q 0TOY. Encryption Key ManagerB 3Nk 0& gkO) O# X6 L|! 8#GB OY. KEK& |6OJC@. KEK. 0 O#- 0(Key Encrypting Key). %LM 0& O# -OB % gkGB 5}Z qk* 0TOY. EEDK& |6OJ AES %LM 0 &N; X&UOY. C@. xk 0(Public key). O]{8N O#-! gkGB O*G q PKDS. xk 0 %LM <.(Public Key Data Set). PKA O k* 0 V! VB Q 0TOY.
PAGE 136
E-2 Dell Encryption Key Manager gkZ H;-
PAGE 137
vN [!] [6] (g ^Cv 7-1 3d 8: 6-10 Audit.eventQueue.max 7-2 Audit.event.outcome Audit.event.types 6-11 8: h& GP 6-11 |C 6-12 BsN x Linux x T Audit.handler.file.multithreads Audit.handler.file.size T 7-4 = 7-3 7-4 6-15 6-14 8: DOG TCP w. x#! CY#v J = 7-6 6-14 L%. 7-8 8: DOL v$Gv J= v! ?b- GP 7-5 3Nk/xk 0 2-11 ?b-R %LM x= NW DO! F+Lj GP O#- 2-1, 2-2 -v C[ GP \O -v vxGv JB 6! 2-9 N 3G -v 2-9 Key Manager ,sLp.
PAGE 138
[Z] ClientKeyManagerConfig.properties m} eV 98 gL. h9 B-11 3-12 XML ^8%LM DO 2-11 E |&6G Oe~n W RA.~n 2-2 Linux Encryption Key Manager 2-3 Windows h9 2-3 2-1 Encryption Key Manager 8: VGgW D-1 Encryption Key Manager nO $8 3$ B-1 [+] Encryption Key Manager!- 8mOB @y 6-6 0 LTO! kX k* 3-11 F 0 Wl [: 3-16 0 zeR O# FIPS 140-2 J 0 zeR [: Encryption Key Manager GUI [8] WLA x/ 3-6 JCEKS 2-4 K 2-11 Key Manager DwM. [O] Oe~n d8gW 1-2 KeyManagerConfig.properties m} 3-12 2-2 #:.
PAGE 139
PAGE 140