NonStop Volume Level Encryption Guide

I. Verify connection between the NonStop system and the Key Manager
Use ping to verify that the NonStop system and key managers can communicate:
\JUNO1.$SYSTEM.STARTUP 1> ping 16.107.200.122
PING 16.107.200.122: 56 data bytes
64 bytes from 16.107.200.122: icmp_seq=0. time=20. ms
64 bytes from 16.107.200.122: icmp_seq=1. time=10. ms
64 bytes from 16.107.200.122: icmp_seq=2. time=10. ms
64 bytes from 16.107.200.122: icmp_seq=3. time=10. ms
----16.107.200.122 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 10/12/20
\JUNO1.$SYSTEM.STARTUP 2>
If the key manager is not accessible from the NonStop system, set up access in one of these ways:
• If the system uses IP CLIMs and has an unused Ethernet port on an IP CLIM, you can connect
  the Key Manager to the subnet implemented by the PROVIDER using that IP CLIM. For details,
  see the NonStop Cluster I/O Protocols (CIP) Configuration and Management Manual. In this
  case, all the applications using this IP CLIM share the same TCP/IP stack.
• If the system has extra IP CLIMs, you can create a PROVIDER and CIPSAM process and connect
  the Key Manager to the subnet implemented by that PROVIDER. This option is more secure
  because applications using this IP CLIM do not share the same TCP/IP stack.
• If the system uses G4SA or earlier adapters and has an unused Ethernet port on that adapter,
  you can create a conventional TCP/IP SUBNET object using that port. If the system uses
  NonStop TCP/IPv6, all TCPSAM processes have access to the port once the environment has
  been configured, except in the case of Logical Network Partitioning (LNP). If the system uses
  LNP, all applications using this port must use the TCPSAM process configured for that LNP.
  HP recommends using LNP for this purpose for increased security.
  Once you have configured the conventional TCP/IP process and SUBNET, or you have
  configured the TCPSAM process, you can associate the Key Manager with the TCP/IP process
  associated with that port.
For information about creating a SUBNET, see the TCP/IP Configuration and Management
Manual. For information about configuring the NonStop TCP/IPv6 environment, see the
TCP/IPv6 Configuration and Management Manual.
This completes NonStop pre-enrollment tasks. Go on to “8. Register the CLIMs”.
8. Register the CLIMs
Be sure that you have obtained and, if needed, installed a license pack on the ESKM. The license
pack is shipped by email for installation on the device, and its installation is described in the
Enterprise Secure Key Manager Users Guide on the CD. The license installation step can be done
before you register the CLIMs to the ESKM (that is, prior to creating users on the ESKM). If you
omit this step and the number of created users exceeds the number of licenses purchased, a
warning message will appear in the GUI and in the log file.
Register the CLIM to access the Key Manager with the “Register CLIMs with Key Managers” guided
procedure, which is launched from an action within OSM Service Connection under the CLIMs object.
The NSSuser local user is a temporary user. Delete it after you complete the registration process.