Virtual TapeServer 8.4 Configuration Guide

key generator. If a key generator is reconfigured to no longer generate keys, it is then referred to as
a “non-key generator”. The key database remains on the non-key generator but that server no longer
creates keys. When a virtual tape needs to be decrypted, VTS retrieves the encryption key from the
key server that generated the key. If the key generator was reconfigured as a non-key generator,
VTS must still have access to that key server.
If there are multiple VTS servers in your environment, it is recommended that you designate only
one server as the key generator. You must reconfigure the localhost entry on all other servers as a
non-key generator so that each VTS server can continue to access its key database. (You can remove
a key generator instead of reconfiguring it if it was never used to create keys.) See "Using Data
Encryption in a multi-server environment" in the Data Encryption chapter of the Configuration Guide
for an example.
Any time a key is stored in the key database, the database is backed up locally and on a backup host.
In general, the key database (and its backup) remains small, typically around 10 MB when storing
thousands of keys.
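The following check is an added example, not part of the Virtual TapeServer documentation or product. It audits a key server inventory against the guidance above: only one key generator, and every key server (non-key generators included) reachable on its port so that existing tapes can still be decrypted. The inventory format, the hostnames and all function names are assumptions made for illustration.

```python
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyServer:
    host: str
    port: int = 9090            # default key server port stated in the guide
    key_generator: bool = False

def reachable(server, timeout=3.0):
    """Return True if a TCP connection to the key server port succeeds."""
    try:
        with socket.create_connection((server.host, server.port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(servers, probe=reachable):
    """Return a list of findings for a key server inventory (hypothetical format)."""
    findings = []
    generators = [s for s in servers if s.key_generator]
    if not generators:
        findings.append("no key generator configured: no server will create new keys")
    elif len(generators) > 1:
        names = ", ".join(s.host for s in generators)
        findings.append(f"multiple key generators ({names}): the guide recommends one")
    for s in servers:
        # A non-key generator still holds the keys it created earlier, so it
        # must stay reachable for decryption of tapes encrypted with them.
        if not probe(s):
            role = "key generator" if s.key_generator else "non-key generator"
            findings.append(f"{s.host}:{s.port} ({role}) unreachable: "
                            "keys in its database cannot be retrieved")
    return findings

# Constructed sample inventory; the hostnames are placeholders.
INVENTORY = [
    KeyServer("vts-a.example", key_generator=True),
    KeyServer("vts-b.example", key_generator=True),
    KeyServer("vts-c.example"),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print("FINDING:", finding)
```

Pass a different `probe` function to test the inventory logic without touching the network.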
To add a key server
Requires Administration group membership
1. Click Configuration > Data Encryption on the navigation pane.
2. If necessary, log in using an account that is a member of the Administration group. Click the
Log In button at the top of the page and enter a username and password.
3. Click ADD NEW SERVER in the KEY SERVERS section of the page. The following is displayed:
4. In the Host/IP Address field, type the hostname or IP address of a VTS server in your
environment that you would like to designate as a key server.
5. In the Port Number field, type the port number of the key server, which is 9090 by default.
6. Select the Key Generator checkbox to enable the key server to generate keys. If you do not
select this checkbox, the key server can only be used to return keys from its database that
were previously used to encrypt virtual tapes.
7. In the Username field, type the username of the account that can access the VTS server. By
default, the vtsa user is configured on each VTS server.