Manualshelf

Nonstop Volume Level Encryption Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
11121314151617181920
5. Configure eth1 (enterprise LAN)
The service provider uses CLIMCMD to configure eth1 (the enterprise LAN) on the CLIM:
climconfig interface -add eth1
climconfig ip -add eth1 -ipaddress 16.107.132.108 -netmask 255.255.252.0
climconfig route -add eth1 -default -gateway 16.107.132.1
ifstart eth1
IP addresses and route options are customer-dependent. See the NonStop Cluster I/O Protocols
(CIP) Configuration and Management Manual for details.
6. Install the ESKM
The service provider installs the ESKM device and uses the ESKM Management Console to configure
it. See the Enterprise Secure Key Manager Installation and Replacement Guide for details. This
manual is on the CD shipped with the device.
As part of the installation process, you may need to install an ESKM license pack. A client license
is required for each user device (Storage CLIM) that will be created on the ESKM. Contact HP
support to obtain it with email sent by Atalla Support. See the Enterprise Secure Key Manager
Users Guide for additional guidance on installing the license file (on the CD shipped with the
device). If the number of created users exceeds the number of available licenses, a warning is
displayed in the ESKM GUI and the error is logged. If the license warning appears after registering
the CLIMs (“8. Register the CLIMs” (page 42)), you must obtain additional licenses from HP.
To configure and manage the ESKM, use the Administrator Authentication screen to log into the
Management Console with a username and password.
NOTE: If you are using Internet Explorer, TLS 1.0 must be enabled. From Internet Explorer, select
Tools | Internet Options | Advanced. Under “Security” check to see that TLS 1.0 is checked, and
check it if it is not.
The Key Manager must be set up so that:
On the High Security Configuration page, FIPS mode is enabled.
On the KMS Server Settings page, “Allow Key and Policy Configuration Operations” and
Allow Key Export” are selected.
SSL is enabled with client certificate authentication.
The default ports are used.
All server certificates in the cluster have the same name.
For the first node only, perform these tasks:
1. Start the appliance
2. Configure the appliance
3. Configure the first ESKM appliance
16 Installation