Virtual TapeServer 8.3 Configuration Guide

Enabling and Configuring Data Encryption | 83
If you choose to designate another server (server C in this example) as the key generator after
server A has generated keys, you must perform these steps to reconfigure the Data Encryption
environment:
1. Add server C as a key generator on servers A, B, and C.
2. Reconfigure server A as a non-key generator on servers A, B, and C. To reconfigure a key
generator as a non-key generator, you must remove the server entry and re-add it, clearing
the Key Generator option.
3. Add database backup hosts on server C: add an entry for the localhost (server C) and add
server A or B as a key database backup host. Server B is added in this example. You can add
server A and B if you want to define multiple backup hosts. You can also remove the backup
hosts that are defined on server A, though there is no harm in keeping the entry. Add a backup
host that is outside of your VTS environment (server E in this example) on server C.
Here is an illustration of the modified configuration:
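The end state of steps 1 through 3 can be checked as data. The Python check below is an added example, not part of the guide or of VTS: the dictionary layout, the function names and the sample values are assumptions, transcribed by hand from what each server's Data Encryption settings would show for servers A, B, C and E in this example.

```python
# Added example: the dictionary layout is hypothetical (transcribed by hand from
# each server's Data Encryption settings); VTS does not export this format.

def check_key_config(servers, vts_hosts):
    """Return findings for the end state of steps 1-3; empty list means consistent.

    servers:   {name: {"key_servers": {host: is_key_generator},
                       "backup_hosts": [host, ...]}}
    vts_hosts: set of hostnames inside the VTS environment
    """
    findings = []
    # Steps 1-2: every server must agree on which hosts are key generators.
    views = {name: sorted(h for h, gen in cfg["key_servers"].items() if gen)
             for name, cfg in servers.items()}
    if len({tuple(v) for v in views.values()}) > 1:
        findings.append(f"key generator views differ: {views}")
    # Step 3: each key generator needs a localhost entry, another VTS server,
    # and a host outside the VTS environment as key database backup hosts.
    generators = {h for v in views.values() for h in v}
    for gen in sorted(generators & set(servers)):
        backups = set(servers[gen]["backup_hosts"])
        if not backups & {gen, "localhost"}:
            findings.append(f"{gen}: no localhost backup entry")
        if not (backups & vts_hosts) - {gen}:
            findings.append(f"{gen}: no other VTS server as backup host")
        if not backups - vts_hosts - {"localhost"}:
            findings.append(f"{gen}: no backup host outside the VTS environment")
    return findings

def sample(b_view_of_a=False, c_backups=("C", "B", "E")):
    """Constructed sample: servers A, B, C after the change; E is external."""
    entries = {"A": False, "C": True}
    return {
        "A": {"key_servers": dict(entries), "backup_hosts": ["A", "B", "E"]},
        "B": {"key_servers": {**entries, "A": b_view_of_a}, "backup_hosts": []},
        "C": {"key_servers": dict(entries), "backup_hosts": list(c_backups)},
    }

VTS_HOSTS = {"A", "B", "C"}

if __name__ == "__main__":
    print(check_key_config(sample(), VTS_HOSTS))                      # consistent
    print(check_key_config(sample(b_view_of_a=True), VTS_HOSTS))      # step 2 missed on B
    print(check_key_config(sample(c_backups=("C", "B")), VTS_HOSTS))  # no external host
```

A finding about differing views means step 1 or step 2 was not applied on every server; a backup finding means step 3 is incomplete on the key generator.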
Prerequisites for configuration
Before you begin, ensure the connection between the host and VTS servers is secure. Then, ensure
that the connection between the VTS server and the physical drive or library is secure if you want to
export encrypted virtual tapes. You may also want to gather the following information to expedite
the configuration process:
- Username and password of a VTS user account that belongs to the Administration group.
- If multiple VTS servers are installed, gather the following:
  - Hostname or IP address, username, and password of the VTS server that will be
    configured as the key generator, which will generate keys when virtual tapes and pools
    need to be encrypted and decrypted.
  - Hostname or IP address, port, username, and password for configuring a backup host
    that will be used by the key generator to store a backup of the key database; this host
    must support the Secure Copy (SCP) protocol, through the use of the scp or scp2
    program.
Adding a key server
A key server is embedded in every VTS server and, by default, each VTS server is configured to
generate keys. This type of key server is referred to as a “key generator”. When a key is generated,
the key ID is stored with the encrypted virtual tape and the key is stored in a key database on the