BackBox H4.00 Tape Encryption Option
Configuration
24 BackBox H4.00 Tape Encryption
• Select the Configuration menu and select the Switch to Edit mode (if not
already in)
• Select the VT Controller tab
• Select a VT Controller ID
• Click on the Update devices based on the probe result from VTC and all
host link (operation can take time to execute)
• Validate appropriate virtual tapes drives are used by VLE
• Repeat for other VT Controller ID.
• Click on the Save link
Configuring for Non-VLE
In this setup, the VTC is a client to the Key Manager. To be authenticated by the Key
Manager, the VTC presents an account, a password, and a digital certificate signed
by a Certificates Authority (most of the time a local one.)
For security reasons, tasks related to the generation, installation and configuration of
certificate and authentication elements should be restricted to a Security Authority
user.
Since there is many ways to generate a digital certificate and each of them may
require specific certificate fields entries depending on Key Manager server used or
enterprise security policies restrictions, following procedure would focus on IN and
OUT needed to be produce and which one (role) should accomplish it. Method
describe to produce requirement should be took as guide lines and adapted to
enterprise reality.
Key Manager configuration
• VT Controller (VTC) who will be used as client must be identified. Each VTC
should be licensed for encryption support (Security Authority user role)
• Supplemental client licenses (1 per VTC identify) should be provisioned at the
Key Manager server (KM Administrator role)
• A username with his password (1 per VTC identify) should be create according
enterprise policy (KM Administrator role.) The VT Controller ID can be a good
candidate for username
• All VTC’s “username” should be configured as a group on the key manager
server (KM Administrator role) and allow to:
o Be able to request key generation