HP StoreEver MSL Tape Libraries Encryption Key Server Configuration Guide

3 KMIP-based key server integration
The HP StoreEver 1/8 G2 Tape Autoloader and tape libraries support integration with encryption
key management servers using the Key Management Interoperability Protocol (KMIP) standard.
KMIP is an industry standard protocol for communications between a key management server and
an encryption system. The KMIP specification is developed by the KMIP technical committee of the
OASIS standards body (Organization for the Advancement of Structured Information Standards).
The KMIP feature allows the tape device to obtain encryption keys from selected KMIP-compliant
key managers. These keys can be used to encrypt data as it is written to tape. Up to six key servers
can be configured for failover purposes.
ESKM 4.0 and later versions can be accessed through the KMIP protocol. The same ESKM server
can serve keys through both the native ESKM and KMIP protocols at the same time.
To use the KMIP feature, the autoloader or library must have access to a KMIP key manager. HP
only supports KMIP when used with a supported key manager, listed in the EBS Matrix, located
at http://www.hp.com/go/ebs. For additional information on configuring KMIP servers for use
with the autoloader and libraries, see the KMIP server documentation.
Creating the client user name and password on the server
NOTE: These instructions are for the SafeNet KMIP server. If you are using ESKM 4.0 or later
with the KMIP protocol, follow the instructions in the HP Enterprise Secure Key Manager User Guide
to create a client account for the library. If you are using a different server, consult your server
documentation for instructions.
1. Log in to the SafeNet KMIP server and select the Security tab.
2. In the Users & Groups panel, select Local Users & Groups.
3. Click Add.
4. Enter the user name and password, set the User Administration Permission and Change
Password Permission settings, and then click Save.