NonStop Volume Level Encryption Guide

2 Installation
Installation overview
To use Volume Level Encryption, you must install the ESKM and establish ESKM/CLIM
connectivity over the enterprise LAN. ESKM/CLIM interactions must be authenticated
through certificates and encrypted through SSL so that the CLIM can securely receive keys from
the ESKM. The appropriate security officers must be enabled to control volume encryption from
the NonStop system.
To accomplish this, you must perform these installation tasks:
Configure connectivity
Configure an ESKM cluster (if not already done)
Create a certificate authority on the ESKM if one does not exist
Have the ESKM certificate authority create server certificates for each ESKM
Have the CLIM create a client certificate for each CLIM
Have the ESKM CA sign the client certificates
Install the signed client certificates on the CLIMs
Create and populate an encryption group in Safeguard
Installation is done by a service provider and a customer security officer.
The service provider:
Installs and configures the CLIM
Installs the key manager
Configures LAN connection
Backs up the CLIM configuration
The security officer:
Installs the license
Configures SAFEGUARD and creates the security group
Configures the connection between the CLIM and the key manager
Configures devices to be encrypted
Performs data encryption procedures
To prepare for installation, have this information available:
CLIM names for the client certificates
Correct port numbers
To install this product, follow these steps:
1. Install Storage CLIMs
2. Install the license
3. Configure SAFEGUARD
4. Create security group
5. Configure eth1 (enterprise LAN)
6. Install the ESKM
7. Perform pre-enrollment tasks