HP StoreEver MSL Tape Libraries Encryption Key Server Configuration Guide

ManualsBrandsHP ManualsStorageHP MSL2024 Ultrium 920 SAS Tape Library

Configuring the KMIP feature for the 1/8 G2 Tape Autoloader and other

MSL Tape Libraries

The EBS Matrix lists the compatible KMIP server models, the server vendors, and links to primary

documents those vendors provide.

Table 3 Enrolling the autoloader or library with a KMIP server

Comment

Primary documents providing

more detailDescription of taskStep

Collect the IP address of each

server.

Server vendor’s product

documentation

Install and configure the key servers.1

Collect the filename of the CA

certificate (a file with a crt

extension).

Server vendor’s product

documentation

Create a local CA and server

certificate on the key server.

Collect the account username and

the account password.

“Creating the client user name

and password on the server”

(page 12)

Set up a new client user account for

the autoloader or library.

“Licensing” (page 5)Install the library license.4

“Set or enter the KMIP security

password” (page 17)

Set or enter the KMIP security

password in the RMI.

The user name will also be used to

generate the client certificate.

“Entering the KMIP client

credentials” (page 18)

Enter the KMIP Client Credentials in

the RMI.

“Generating the client certificate

request” (page 18)

Generate the autoloader or library

client certificate.

“Signing the client certificate on

the server” (page 18)

Sign the client certificate.8

“Installing the signed client

certificate” (page 19)

Install the signed client certificate in

the RMI.

If using ESKM 4.0, also copy the

signed certificate to the ESKM 4.0

client.

Enter the IP addresses from step 1.“Configuring access to the key

servers” (page 20)

Configure the accessible key servers

for the autoloader or library.

“Enabling KMIP-based

encryption” (page 21)

Enable KMIP-based encryption for

the autoloader or library.

“Verifying that the encryption key

server integration is working”

(page 22)

Verify that the KMIP encryption

feature is working.

NOTE: HP supplies the ESKM server but does not supply other KMIP servers. If you are not familiar

with configuring KMIP servers, please contact your KMIP server vendor.

Set or enter the KMIP security password

In the RMI Configuration: Security page, enter the KMIP security password, which is required for

modifying the KMIP configuration.

Configuring the KMIP feature for the 1/8 G2 Tape Autoloader and other MSL Tape Libraries 17