HP Enterprise Secure Key Manager Configuration Guide for HP Tape Libraries
|
|
- Susan Butler
- 6 years ago
- Views:
Transcription
1 HP Enterprise Secure Key Manager Configuration Guide for HP Tape Libraries Abstract This document provides information about configuring the HP Enterprise Secure Key Manager (ESKM) for use with HP tape libraries. This book is intended for security officers, system administrators, and IT personnel responsible for operating and maintaining ESKM for use with HP tape libraries. HP Part Number: QN Published: September 2013 Edition: 3rd
2 Copyright 2011, 2013 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR and , Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Warranty
3 Contents 1 Prerequisites and Planning...4 Network Ports...4 Library Partitioning...4 Determining the Appropriate Key Generation Policies...5 HP Tape Library Hardware and Firmware Requirements...6 ESKM Tiers...6 ESKM Pre-installation Checklists Creating ESKM Client Accounts Enrolling HP Tape Libraries with the ESKM...15 Enrolling ESL E-Series and EML E-Series Libraries...15 Verifying Connectivity from the Library to ESKM...34 Enrolling ESL G3 Libraries...35 Enrolling MSL6480 Libraries Verifying Proper Configuration of the ESKM and Tape Libraries...46 Test 1: Verify that Tape Backups are Encrypted...46 Test Summary...46 Prerequisites...46 Pre-test Configuration Steps...47 Test Steps...47 Issues...48 Test 2: Verify that Each ESKM Node Supports Tape Library Operations after Failure of a Single Node...48 Test Summary...48 Prerequisites...48 Pre-test Configuration Steps...48 Test Steps...49 Issues...49 Example Verification Support and Other Resources...56 Contacting HP...56 Typographic Conventions...56 Documentation feedback...56 Index...57 Contents 3
4 1 Prerequisites and Planning The following must be installed before configuring ESKM to use HP tape libraries: All ESKM nodes, configured in a cluster Server-side licenses, if necessary Tape libraries, must be operational and have firmware installed which supports ESKM Client-side licenses for the library's encryption feature Before configuring ESKM to use HP tape libraries: Have the pre-installation checklist from the ESKM Installation and Configuration Guide available. Create the ESKM client accounts for each HP tape library. See Creating ESKM Client Accounts (page 11). The following sections will help you choose the configuration options and key generation policies that are appropriate for your system. Network Ports Network connectivity must be provided between the nodes of the ESKM cluster, the tape libraries, and the Command View management software (if used). If firewalls exist between any of those components, then ports must be opened to allow this traffic. All ports are TCP ports. See Table 1 (page 4) for the ports that are used. Table 1 SKM or ESKM Network Ports Port number Purpose SSH login to SKM or ESKM SNMP from SKM or ESKM ETLA login to SKM or ESKM FIPS status server from SKM or ESKM SKM or ESKM networking Web login to SKM or ESKM Library Partitioning Determine what portion of your backups will be encrypted and provision sufficient LTO4 or later generation drives to meet those requirements. If some of the LTO4 or later generation tape drives in a library will be used for encryption and others will not, then the library must be partitioned before the client account on the ESKM can be created. Each partition must have a separate key generation policy that will apply to all LTO4 or later generation drives in that partition. For example, if you have eight LTO4 or later generation drives but only want two of them to be used for encryption, partition the library so that one partition contains two LTO4 or later generation drives and the other partition contains the remaining six drives. If a library is not partitioned, then all LTO4 or later generation drives will be used for encryption after the ESKM has been configured. The number of libraries and LTO4 or later generation tape drives dedicated to encrypting backup data will depend on your business needs. NOTE: Partitioning the library is not part of the ESKM installation service. However, if there will be both encrypting and non-encrypting drives in the same tape library, it is necessary to partition the library. Any partitioning steps must be complete before the ESKM is installed. Consult the users guide for your tape library for instructions on library partitioning. 4 Prerequisites and Planning
5 Planning steps: Have a list of libraries to be enrolled with the ESKM. For each library, have a list of LTO4 or later generation drives that will be used for encryption. If there are also LTO4 or later generation drives in the libraries that will have different encryption policies, ensure a partition is configured for each policy before the ESKM installation occurs. Determining the Appropriate Key Generation Policies Key generation policies allow the security officer (SO) or ESKM administrator to centrally control and audit how encryption is performed. These policies provide a crisp, unambiguous definition of when encryption is and is not performed. This supports the SO s broader ability to provide specific, auditable security policies for the data center. Each partition in the library must have a key generation policy. Each partition may have a different key generation policy, depending on the business needs. If the library is not partitioned, then all LTO4 or later generation drives in the library have the same policy. Consider partitioning the library if any of the following are true: If your business needs require more than one key generation policy for a single library, the library must be partitioned before setting up the ESKM client account for that library. If the library contains a mixture both encrypting and non-encrypting tape drive technologies, HP recommends creating separate partitions for each drive type. Only LTO4 and later generation drives can be configured for encryption. For more information on partitioning HP tape libraries, see the user guide for your HP tape library. The HP ESKM and HP tape libraries support the following key generation policies: Key per tape (KT) Each LTO4 or later generation tape in the partition (or library) is encrypted with a different key. Also, a new key is created each time that tape is overwritten from the beginning. Key names are associated with a unique media ID for that cartridge. All data written on the tape is encrypted with the same key, even if data is appended to the media later. HP recommends using the KT policy. Key per partition, or key per library (KP) All LTO4 or later generation tapes in the partition (or library) use copies of one key. However, each copy has a unique key name. Key names are associated with a unique ID associated with the tape cartridge. All data written on the tape is encrypted with the same key, even if data is appended to the media later. The key remains in effect until the ESKM administrator or SO changes it. No encryption (NE) All LTO4 or later generation drives in the partition (or library, if the library is not partitioned) will always read and write without any encryption. These drives are not configured to read encrypted data from other partitions, either. Furthermore, backup and archive software using the tape drives cannot enable encryption on the tape drives. Externally managed (EM) Similar to the No Encryption (NE) policy except keys are allowed from backup and archive software. However, like NE, the HP tape library and ESKM do not provide or manage these keys. Currently, only the ESL G3 tape library supports the EM policy. NOTE: Non-encrypted tapes can always be read regardless of the policy in effect. LTO4 or later generation drives in an encrypting partition managed by ESKM (KT or KP) will only write encrypted data. Planning step: For each library being enrolled with the ESKM, list the desired key generation policy for each partition. If the library is not partitioned, list the key generation policy to be applied to the entire library. Determining the Appropriate Key Generation Policies 5
6 Using the library GUI or CVTL, determine the serial number of each partition in the library. The serial numbers are part of each partition's key-generation policy. Every partition must have a separate key generation policy even if all the policies are the same or if a policy is No Encryption. HP Tape Library Hardware and Firmware Requirements ESKM Tiers Earlier versions of CVTL and library firmware only support the HP Secure Key Manager (SKM). More recent versions will support both SKM and ESKM. If necessary, update CVTL and/or library firmware to a version with ESKM support. Planning step: For each HP tape library connected to the ESKM, ensure that the library firmware has ESKM support prior to beginning ESKM installation. If necessary, upgrade the firmware. The following are the minimum HP tape library firmware versions required to support ESKM: EML E-Series tape library: 1407 Command View TL: Interface Manager: I270 LTO4 tape drive: H58S LTO5 tape drive: I3AS LTO6 tape drive: J2AS ESL E-Series tape library: 7.6 Command View TL: Interface Manager: I270 LTO4 tape drive: H58W LTO5 tape drive: I3BW ESL G3 library firmware: 620H.GS07101 Command View TL: LTO4 tape drive: H63W LTO5 tape drive: I3FW LTO6 tape drive: J2AW MSL6480 library firmware: 3.90 Command View TL: LTO4 and later generation drives: all supported firmware versions Each tape library can communicate with the ESKM server cluster via up to 18 different IP addresses. If the library cannot communicate with one of the ESKM IP addresses, it will failover to the next on the list. These 18 addresses are provided in three tiers of six addresses each. The purpose of tiering is to control the order used during failover. For example, there may be four ESKM nodes in the cluster, two in the Americas, one in Europe, and one in Asia. For a library in the Americas, the first tier would contain the two ESKMs in the Americas. Failover will try to use those units first. The second tier may be the node in Europe, and the third tier may be the node in Asia. This will direct the failover in a way which prefers nearer units over more distant units. 6 Prerequisites and Planning
7 ESKM Pre-installation Checklists Prepare to install and use the ESKM system by recording the following information. If any information is missing, it will delay or prevent complete configuration and functioning of the ESKM system and the library's data encryption feature. You will need the serial number of the HP tape library to be enrolled as an ESKM client. If the library is partitioned, you will need the serial number of each partition. To locate the serial numbers: ESL E-Series and EML E-Series libraries The library serial number is available from Command View TL. Select and manage the library to be enrolled. Click the Identity tab. The library serial number is shown at the bottom of the screen. Partition serial numbers are also available from Command View TL. Select and manage the library to be enrolled. Click the Configuration tab. In the left-hand section of the window, click Partitioning. The library partitions are shown in the Partitioning section of the window to the right. For each partition, right-click the name of the partition and select Properties. The partition serial number is shown near the top of the Properties window. ESL G3 libraries Log into the library as Security user. All of the library partitions are shown in the Managed Views window. Select each partition; the partition serial number is shown in the System Information box above the Managed Views. MSL6480 libraries Log into the library as the security or administrator user. All of the library partitions are shown in the Status > Partition Map > Configuration Status screen. ESKM Pre-installation Checklists 7
8 Table 2 HP Tape Library 1 Device Information Library Information Library model Library firmware ETLA 2.7 or higher ESL G3 620H.GS07101 or higher MSL or higher Library clock is set, or NTP enabled? Client licenses installed? IP address of the library or Command View Security User username and password, for Command View TL or ESL G3 Library's ESKM client account name available? Library's ESKM client account password available? Partition 1 s/n and Policy (for example, US , KT) Partition 2 s/n and Policy Partition 3 s/n and Policy Partition 4 s/n and Policy Partition 5 s/n and Policy ESKM Information ESKM admin username and password available? ESKM Key Sharing Group name is available? ESKM node 1 IP address ESKM node 1 tier ESKM node 2 IP address ESKM node 2 tier ESKM manageability port (default: 9443) ESKM KMS server port (default: 9000) Backup Software Access Backup servers & application IP address Backup server username and password Scratch LTO4/5 media available? Table 3 HP Tape Library 2 Device Information Library Information Library model Library firmware ETLA 2.7 or higher ESL G3 620H.GS07101 or higher MSL or higher 8 Prerequisites and Planning
9 Table 3 HP Tape Library 2 Device Information (continued) Library Information Library clock is set, or NTP enabled? Client licenses installed? IP address of the library or Command View Security User username and password, for Command View TL or ESL G3 Library's ESKM client account name available? Library's ESKM client account password available? Partition 1 s/n and Policy (for example, US , KT) Partition 2 s/n and Policy Partition 3 s/n and Policy Partition 4 s/n and Policy Partition 5 s/n and Policy ESKM Information ESKM admin username and password available? ESKM Key Sharing Group name is available? ESKM node 1 IP address ESKM node 1 tier ESKM node 2 IP address ESKM node 2 tier ESKM manageability port (default: 9443) ESKM KMS server port (default: 9000) Backup Software Access Backup servers & application IP address Backup server username and password Scratch LTO4/5 media available? Table 4 HP Tape Library 3 Device Information Library Information Library model Library firmware ETLA 2.7 or higher ESL G3 620H.GS07101 or higher MSL or higher Library clock is set, or NTP enabled? Client licenses installed? IP address of the library or Command View Security User username and password, for Command View TL or ESL G3 ESKM Pre-installation Checklists 9
10 Table 4 HP Tape Library 3 Device Information (continued) Library Information Library's ESKM client account name available? Library's ESKM client account password available? Partition 1 s/n and Policy (for example, US , KT) Partition 2 s/n and Policy Partition 3 s/n and Policy Partition 4 s/n and Policy Partition 5 s/n and Policy ESKM Information ESKM admin username and password available? ESKM Key Sharing Group name is available? ESKM node 1 IP address ESKM node 1 tier ESKM node 2 IP address ESKM node 2 tier ESKM manageability port (default: 9443) ESKM KMS server port (default: 9000) Backup Software Access Backup servers & application IP address Backup server username and password Scratch LTO4/5 media available? 10 Prerequisites and Planning
11 2 Creating ESKM Client Accounts In this section, an ESKM client account will be created for each tape library and then each tape library will be configured to obtain keys from the ESKM. The process is the same for all HP tape libraries that support ESKM. NOTE: A client-side license is required on most HP tape libraries that support ESKM. Ensure that all HP tape libraries which will use the ESKM are in green status before setting up their client accounts. The HP tape libraries must have LTO4 or later generation tape drives installed, and the library and its components must have firmware versions that support the ESKM key manager. Instructions for obtaining and updating firmware can be found in the library's user and service guide. In the following steps, key generation policies are assigned per library partition or per physical library if there are no partitions. TIP: For ESL E-Series and EML E-Series libraries, if you have Command View TL open in a separate browser window you can copy and paste the serial numbers from Command View to the ESKM console. Procedure 1 1. Complete the pre-installation checklists and have them available. See ESKM Pre-installation Checklists. 2. In an internet browser, login as the administrator to open the ESKM Cluster: 3. Click the Security tab. 4. In the navigation column, select Local Users & Groups. 5. Click Add to create a user. 6. Enter the user name and password in the empty fields. User name: can be any value but must be unique for each HP tape library. Password: cannot be a dictionary word, must be eight or more characters, must contain both alpha and numeric characters, and must begin with a letter. Passwords are case-sensitive. 7. Unselect the following check boxes: User Administration Permission Change Password Permission 11
12 8. Select the newly created user and click the Custom Attributes tab. 9. Click Add. 12 Creating ESKM Client Accounts
13 10. Enter the following: a. Attribute name: KeyGenPolicy b. Attribute value (one of the following per partition): <Partition Serial Number><space><KP><space><partition master key> <Partition Serial Number><space><KT> <Partition Serial Number><space><NE> <Partition Serial Number><space><EM> Currently, only the ESL G3 tape library supports the EM policy. KP is Key per Partition, KT is Key per Tape, NE is No Encryption, and EM is Externally Managed. IMPORTANT: Every library partition must have a key generation policy. When entering policies for ESL G3 libraries, be sure to include a policy for the AMP partition; HP recommends using the NE policy. c. Click Save. 11. For partitions using the KP policy, select the Security tab. For all other policies, skip to Step In the navigation column, select Keys. 13. Click Create Key. 14. Enter the following information: Key Name (for example, im25key1) Owner Username: user created in the previous steps (FCLib01) Algorithm: AES-256 Deletable: checked Exportable: checked Versioned Key Bytes: unchecked Copy Group Permissions From: None (the default) 13
14 15. Click Create. 16. Create a key sharing group so HP tape libraries can share keys. IMPORTANT: When keys are created, they are automatically accessible to all the libraries in that key sharing group. Encrypted media may be exported from one library in a key sharing group and imported to another tape library for decryption. You may have additional groups for more complex sharing requirements. Therefore, HP strongly recommends creating a key sharing group even if you only have one tape library. Key sharing only applies to keys that are created after the group is created, so it is important to create the key sharing group prior to creating keys. a. Select the Security tab. b. In the Users & LDAP menu, select Local Users & Groups. c. Under User & Group Configuration scroll to the Local Groups section. d. Click Add. e. Type the name of the group in the edit field. For example, MainDataCenter. f. Select the name of the new group. g. Under User List, click Add. h. Type the username of the library client to be added to the group, or use the down arrow to select the library name from the displayed list. i. Click Save. 17. Repeat this procedure for each library to be enrolled in the ESKM. 14 Creating ESKM Client Accounts
15 3 Enrolling HP Tape Libraries with the ESKM Each of the HP tape libraries selected for encryption must be enrolled with the ESKM. Using the Key Management Setup Wizard, you establish a secure communication link between the library and the ESKM by setting up the certificate authority and certificates on the library, entering the user name and password that the library uses to log on to the ESKM, and entering the IP addresses of the ESKM appliances. The wizard will verify the connectivity to the ESKMs after all the data has been provided, and it will retrieve the key generation policies. NOTE: The ESKM installation and client enrollment service will only include enrollment for the specific libraries in the installation scope of work. The ESKM installation does not include configuring the HP tape libraries for backups, connecting them to the SAN, partitioning them, or updating their firmware to support configuring the library for backups or encryption. Enrolling ESL E-Series and EML E-Series Libraries To enroll ESL E-Series and EML E-Series libraries with the ESKM: 1. As the Security user, manage the library using Command View TL. 2. Select the Configuration tab. 3. From the navigation pane, select Key Management. 4. Under Actions, select Launch Key Manager Setup Wizard. The Welcome page opens. 5. Click Next; this opens the Key Management Setup Wizard Options screen. Enrolling ESL E-Series and EML E-Series Libraries 15
16 6. During the first time encryption, Select Key Manager Type should be selected. Verify the selection. 7. Click Next; this opens the Key Manager Selection screen. 16 Enrolling HP Tape Libraries with the ESKM
17 8. Verify that HP Enterprise Secure Key Manager is selected. 9. Click Next; this opens the Certificate Authority Information page which describes the prerequisites for getting CA certificates. Enrolling ESL E-Series and EML E-Series Libraries 17
18 10. Click Next; this opens the Certificate Authority Selection screen. 11. Verify that HP Enterprise Secure Key Manager (ESKM) Local Authority (default) is selected. NOTE: In some circumstances, the customer may require a different CA than the one on the ESKM. If this occurs, select Third-Party Certificate Authority, and ask the customer to display the CA certificate so it can be pasted into the following screens. 12. Click Next; this opens the Retrieve the Local Certificate Authority Certificate screen. 18 Enrolling HP Tape Libraries with the ESKM
19 13. Click Next; this opens the Certificate Authority Certificate Entry screen which contains an empty box in which to paste the certificate. 14. Go to the ESKM cluster. 15. Select the Security tab. 16. In the navigation column, select Local CAs to open the Local Certificate Authority List. 17. Select the appropriate CA name to open the certificate. Enrolling ESL E-Series and EML E-Series Libraries 19
20 18. Copy the CA certificate from the bottom of the screen. Select all the characters from BEGIN CERTIFICATE through END CERTIFICATE, including the dashes. Then right-click and select Copy. Return to the Certificate Authority Certificate Entry screen of the Command View (Step 13). 19. Right-click within the Certificate Authority Certificate Entry box and select Paste. 20 Enrolling HP Tape Libraries with the ESKM
21 20. Click Next; this opens the Library Certificate Information screen. The certificate is not yet created. NOTE: The ESKM refers to the library certificate as a Client Certificate. Enrolling ESL E-Series and EML E-Series Libraries 21
22 21. Click Next to create the library certificate. 22 Enrolling HP Tape Libraries with the ESKM
23 22. Once the certificate has successfully been imported, click Next to view and copy the certificate. Enrolling ESL E-Series and EML E-Series Libraries 23
24 23. Copy the certificate. Select all the characters from BEGIN CERTIFICATE through END CERTIFICATE, including the dashes. Right-click and select Copy, or click Copy Certificate. 24. Click Next. 25. Read the instructions on the screen, then click Next. 24 Enrolling HP Tape Libraries with the ESKM
25 26. Return to the ESKM cluster. Enrolling ESL E-Series and EML E-Series Libraries 25
26 27. Click Sign Request. 28. Select the Certificate Purpose as Client and enter the appropriate Certification Duration. Unless your organization has specific policies otherwise, HP recommends selecting the default duration. 26 Enrolling HP Tape Libraries with the ESKM
27 29. Paste the copied certificate from the Prepare to Sign your Library Certificate screen (Step 23) into the Sign Certificate Request screen of the ESKM cluster. 30. Click Sign Request. 31. Copy the generated client certificate that has been signed by the CA. 32. Return to the Command View TL GUI. Enrolling ESL E-Series and EML E-Series Libraries 27
28 33. Paste the copied CA certificate from the ESKM cluster into the Signed Certificate Entry box. 28 Enrolling HP Tape Libraries with the ESKM
29 34. Click Next to open the HP Enterprise Secure Key Manager Iinformation screen. Enrolling ESL E-Series and EML E-Series Libraries 29
30 35. Click Next; this opens the ESKM Configuration screen. 30 Enrolling HP Tape Libraries with the ESKM
31 36. Enter the appropriate details as follows: Library Username the case-sensitive username created in the ESKM cluster (Step 6 in Creating ESKM Client Accounts), in this example FCLib01. Password the password created in the ESKM cluster (Step 6 in Creating ESKM Client Accounts). Confirm Password again, the password created in the ESKM cluster. 37. Click Next; this opens the Tier configuration screen. Enrolling ESL E-Series and EML E-Series Libraries 31
32 38. Enter the ESKM cluster IP addresses in the Tier 1 screen. You may also use fully qualified DNS names. 39. If tiering is used, select the Add another tier box. Then enter the IP addresses into the Tier 2 and Tier 3 address fields. 40. Click Next; this opens the Key Manager Setup Summary confirmation screen. 32 Enrolling HP Tape Libraries with the ESKM
33 41. Verify that the appropriate data is entered in each Tier. The IP addresses should match those you entered in Step 38 and Step Click Next. Enrolling ESL E-Series and EML E-Series Libraries 33
34 43. Click Finish. 44. A confirmation box opens; click OK. This completes the update and verification operation and the ESKM enrollment process. Proceed to Verifying Proper Configuration of the ESKM and Tape Libraries (page 46). Verifying Connectivity from the Library to ESKM This step is optional but useful when troubleshooting or updating policies on the ESKM. While this example is specific to ETLA, the ESL G3 has a similar feature. To verify connectivity from the library to the ESKM: 1. In the Launcher window, click the Library Selection tab. A list of the current libraries appears. 2. Double-click the library for which to verify connectivity. 3. Log in as the security user. 4. Click the Configuration tab. 5. In the left panel, select Key Management. NOTE: The Key Management command will only appear if you have Advanced Secure Manager and LTO4 or later generation tape drives installed in your library. (To verify if LTO4 or later generation drives are installed, navigate to the Library window, click the Status tab, then in the left panel, click Advanced LTO Drives). 34 Enrolling HP Tape Libraries with the ESKM
35 6. Select Actions Launch Key Management Setup Wizard. The welcome screen appears. 7. Read the information on the screen, and click Next. Page 1 of the wizard appears. 8. Select Verify Key Manager Connectivity, and click Next. 9. Verify that the configuration is correct, then click Next. 10. When the Update and Verification Operation Complete dialog box appears, read whether the operation completed successfully or not, then click OK. Enrolling ESL G3 Libraries 1. If you are using Command View TL, select the library name under the Managed Views. 2. Log onto the library as the Security user. 3. Go to Setup Encryption Key Management Setup Wizard. Enrolling ESL G3 Libraries 35
36 The Welcome page opens. 4. Click Next; this opens the Key Management Setup Wizard Options screen. 36 Enrolling HP Tape Libraries with the ESKM
37 5. During the first time encryption, Select Key Manager Type should be enabled and everything else is disabled by default. Verify the selection. 6. Click Next; this opens the Key Manager Selection screen. 7. Verify that HP Enterprise Secure Key Manager is selected by default. 8. Click Next; this opens the Certificate Authority Information page which describes the prerequisites for getting CA certificates. 9. Click Next; this opens the Certificate Authority Selection screen. Enrolling ESL G3 Libraries 37
38 10. Verify that HP Enterprise Secure Key Manager (ESKM) Local Authority (default) is selected. NOTE: In some circumstances, the customer may require a different CA than the one on the ESKM. If this occurs, select Third-Party Certificate Authority, and ask the customer to display the CA certificate so it can be pasted into the following screens. 11. Click Next; this opens the Retrieve the Local Certificate Authority Certificate screen. 12. Click Next; this opens the Certificate Authority Certificate Entry screen. 13. Go to the ESKM cluster. 14. Select the Security tab. 15. In the navigation column, select Local CAs to open the Local Certificate Authority List. 16. Select the appropriate CA name. 38 Enrolling HP Tape Libraries with the ESKM
39 17. Copy the CA certificate from the bottom of the screen. Select all the characters from BEGIN CERTIFICATE through END CERTIFICATE, including the dashes. Then right-click and select Copy. Return to the Certificate Authority Certificate Entry screen of the ESL G3 library (Step 12). 18. Paste the CA certificate in Certificate Authority Certificate Entry box. Enrolling ESL G3 Libraries 39
40 19. Click Next; this opens the Library Certificate Information screen. NOTE: The ESKM refers to the library certificate as a Client Certificate. 20. Click Next; this opens the Prepare to Sign your Library Certificate screen. 21. Copy the certificate. Select all the characters from BEGIN CERTIFICATE through END CERTIFICATE, including the dashes. Then right-click and select Copy. 22. Click Next; this opens the Sign your Library Certificate screen. 23. Click Next. 24. Return to the ESKM cluster. 40 Enrolling HP Tape Libraries with the ESKM
41 25. Click Sign Request. 26. Paste the copied certificate from the Prepare to Sign your Library Certificate screen (Step 21) into the Sign Certificate Request screen of the ESKM cluster. 27. Select the Certificate Purpose as Client and enter the appropriate Certification Duration. Unless your organization has specific policies otherwise, HP recommends selecting the default duration. 28. Click Sign Request. Enrolling ESL G3 Libraries 41
42 29. Copy the generated client certificate that has been signed by the CA. 30. Return to the ESL G3 library GUI. 31. Paste the copied CA certificate information in the Signed Certificate Entry box. 32. Click Next; this opens the HP Enterprise Secure Key Manager Information screen. 33. Click Next; this opens the ESKM Configuration screen. 34. Enter the appropriate details as follows: Library Username the case-sensitive username created in the ESKM cluster (Step 6 in Creating ESKM Client Accounts), in this example FCLib01. Password the password created in the ESKM cluster (Step 6 in Creating ESKM Client Accounts). Confirm Password again, the password created in the ESKM cluster. 42 Enrolling HP Tape Libraries with the ESKM
43 35. Click Next; this opens the Tier configuration screen. 36. Enter the appropriate Node Address in the Tier 1 screen. 37. If tiering is used, select the Add another tier box. Then enter the IP addresses into the Tier 2 and Tier 3 address fields. 38. Click Next; this opens the Key Manager Setup Summary confirmation screen. Enrolling ESL G3 Libraries 43
44 39. Verify that the appropriate data is entered in each Tier. 40. Click Finish. 41. A confirmation box opens; click Yes; this opens the Key Management Setup Summary. This completes the enrollment process. The remaining steps are to confirm a successful enrollment. Proceed to Verifying Proper Configuration of the ESKM and Tape Libraries (page 46). 42. Click Close to exit the wizard. 43. Go to Library Monitor Key Management. 44. Verify the ESKM Server Information. Enrolling MSL6480 Libraries 1. Log into the library remote management interface (RMI) as the security user. 2. Verify that library configuration is complete, including defining all library partitions. 3. Navigate to the Configuration > System > License Key Handling screen and verify that the ESKM license has been added. 44 Enrolling HP Tape Libraries with the ESKM
45 Table 5 MSL6480 ESKM licenses Part number TC469A TC469AAE Description HP StoreEver MSL6480 ESKM Encryption License HP StoreEver MSL6480 ESKM Encryption E-License 4. Click Encryption ESKM Wizard to start the wizard. 5. The Wizard Information screen displays information about the wizard. If the library configuration is complete, click Next. 6. The Certificate Authority Information screen displays prerequisites for using the ESKM certificate. When the prerequisites are met, click Next. 7. The Certificate Authority Certificate Entry screen displays instructions for obtaining the certificate for the ESKM server. Follow the instructions to copy the certificate from the management console. Paste the certificate into the wizard and then click Next. 8. The Library Certificate Information screen displays prerequisites for generating and signing the certificate for the library. When you have verified that SSL has been enabled on the ESKM device and that the ESKM management console is open and ready for use, click Next. 9. In the ESKM Client Configuration screen enter the username and password that the library will use to communicate with the ESKM. If the username and password have not already been set up on the ESKM device, follow the instructions in Creating ESKM Client Accounts (page 11) to create a client account for the library. Enter the client username and password, and then click Next. 10. The Certificate Generation screen displays the current library certificate, if one exists. Select whether to keep the current certificate or generate a new one and then click Next. 11. In the ESKM Tier Selection screen you can group ESKM devices into tiers so the library will attempt to connect with ESKM devices in the top tier first, and then failover to connect with ESKM devices in a lower priority tier if necessary. For example, you might put ESKM devices in the same data center as the library in Tier 1 with ESKM devices in remote data centers in Tiers 2 and 3. One tier is used by default. To add a tier, click Add Tier. Enter the IP address or fully-qualified hostname and port number for up to six ESKM devices in each tier. To verify access to the ESKM devices, click Connectivity Check. When the tier configuration is complete, click Next. 12. The Setup Summary screen displays the settings that were collected by the wizard. Verify that the settings are correct and that there are no errors in the Done column. If you need to modify setting or address issues, either click Back to reach the applicable screen or Cancel out of the wizard to fix the issues and return later. If the settings are correct and there are no errors, click Finish. 13. To check the connectivity to the ESKM devices, from the Status > Security screen click Connectivity Check and verify that no errors are returned. Enrolling MSL6480 Libraries 45
46 4 Verifying Proper Configuration of the ESKM and Tape Libraries This section describes the configuration and execution of a test suite which verifies the ESKM cluster is operational. It can be performed on-site after all the ESKM and library configuration steps are completed. These verification steps are the same for all HP tape libraries. Test 1 will encrypt data to a scratch tape, then attempt to read that data in a non-encrypting configuration. The failure to read data will verify that encryption has occurred. Test 2 will force the HP tape library client to use a specific node of the ESKM cluster when obtaining an encryption key. The test will be repeated for each node in the installation, to confirm that each ESKM node is available and functional. Test 1: Verify that Tape Backups are Encrypted Test Summary Prerequisites Repeat this test for each library enrolled with the ESKM. This test is comprised of the following steps: 1. Load a tape cartridge into a drive, and create an encryption key by writing encrypted data to the tape. Then unload the cartridge. Demonstrate that the key has been replicated to each of the ESKM nodes. 2. The ability to export that key will be temporarily disabled. 3. Re-load the encrypted tape, and read it. Then unload the cartridge. The read operation will fail, demonstrating that the tape is encrypted. 4. The key export property will be re-enabled. 5. Load the encrypted tape, and read it. Then unload the cartridge. The read operation will succeed, demonstrating that the policy has been successfully re-enabled, and the system is ready for production. Demonstrate that key retrieval was logged in the ESKM activity log. Successful installation of all ESKM nodes. Successfully added all ESKM nodes to the cluster. Successfully completed all HP tape library pre-installation steps. Hardware updates, firmware updates, and partitioning (if required). Encryption feature client-side license is installed. Successfully completed enrollment of all HP tape libraries with the ESKM cluster. Customer s backup administrator is present. At least 1 scratch tape is present in each library. If the library is partitioned, identify the partition containing that cartridge. Customer has a console to access their ISV backup software. Customer has a console available to view the ESKM GUI. 46 Verifying Proper Configuration of the ESKM and Tape Libraries
47 Pre-test Configuration Steps Test Steps 1. Installer. Using a separate browser window for each ESKM node, log into each of the ESKM nodes via it s web GUI. Go to the Device Tab, select Log Viewer from the Logs and Statistics pane, select Activity. From Show last number of lines, select All. Click Display Log. 2. Customer. Login to the ISV software and ensure it can access the LTO4 or LTO5 tape drives to be used in this test. 1. Customer. Using the ISV console, load the scratch tape into an LTO4 or LTO5 drive in a partition or library with an encrypting policy (a partition or library having a KT or KP policy). Now format, or initialize, the tape using the ISV software. Optionally, write a few records to the tape. The actual operations will depend on the ISV software being used. But the intent is to initialize the tape and write a few records which can be restored later. The initialization process may be sufficient, if it writes records which may be later retrieved (timestamps, etc). Now, using the ISV software, read the records from tape. This demonstrates the encrypted data is readable. a. Installer. Using the ESKM browser windows, demonstrate that the Activity Log of one ESKM contains a new entry showing a key was created. In each of the other nodes GUI, go to the Security tab. In the Keys window, demonstrate that the key has been replicated to those nodes. Return to the Activity Log viewer after verifying the replication. NOTE: If the policy is KP (Key per Partition), the log will record a KeyClone operation instead of a KeyGen operation. b. Customer. Using the ISV console, unload the media to a library slot. 2. Installer. Temporarily disable the Export property for the key created in the previous step. In one of the ESKM GUIs, select Security tab. In the Keys and Policy Configuration pane, select the key created in the previous step. On the Key Properties pane, click Edit, uncheck the Exportable property, and click Save. Return to the Activity Log display. In each of the other ESKM GUIs, demonstrate to the customer that the property change was replicated by viewing the key Exportable property in the key list. The checkbox will be un-checked. Return to the Activity Log display. 3. Customer. Using the ISV console, load the scratch tape into an LTO4 or LTO5 drive in the same partition. Using a different drive is possible, to further demonstrate how all drives in the partition have the same policy. But, using the same drive is sufficient for this test. Read the records which were earlier written to the tape. This operation will fail, since the key export has been temporarily disabled. Unload the tape. Note the error message that is displayed. This will be the error message this ISV uses when encrypted tapes are placed in non-encrypting drives. In many cases, these messages indicate a write-protect error. 4. Installer. Re-enable the key export property, using the operations in step 2. Verify the property change is replicated to each node, by viewing the export property of the key at each of the ESKM nodes. 5. Customer. Using the ISV, load the tape into an LTO4 or LTO5 drive in the same partition. Read the records which were earlier written to the tape. This operation will succeed. Unload the tape. Installer. Using the Activity Log viewers, demonstrate to the customer that one of the ESKM nodes has now logged a key export. This concludes ESKM verification test 1. Test 1: Verify that Tape Backups are Encrypted 47
48 Issues If issues are found: No currently known failure modes. Any failures in this test would have been detected in the connectivity test, during library enrollment. Re-run the connectivity test in the CVTL Wizard. The most likely cause of failure of the connectivity test is an incorrectly entered, or missing, KeyGenPolicy. See step 12 in the installation poster. Test 2: Verify that Each ESKM Node Supports Tape Library Operations after Failure of a Single Node Test Summary Prerequisites This test will force the HP tape library client to use a specific node of the ESKM cluster when obtaining an encryption key. The test will be repeated for each node in the installation, to confirm that each node is available and functional. 1. Temporarily configure the ESKM cluster so only 1 ESKM node can export keys, using the ESKM GUI. 2. Load an encrypted tape, and read it. Unload the cartridge. The read operation will be successful. 3. Repeat steps 1 and 2, enabling a different ESKM in the cluster. The read operation will be successful. 4. The read operation will be successful. Successful installation of all ESKM nodes. Successfully added all ESKM nodes to the cluster. Successfully completed all HP tape library pre-installation steps. Hardware updates, firmware updates, and partitioning (if required). Secure Manager is licensed, and configured to allow access to the backup hosts. Successfully completed enrollment of all HP tape libraries with the ESKM cluster. Successfully completed Test 1. Customer s backup administrator is present. At least 1 scratch tape is present in each library. If the library is partitioned, identify the partition containing that cartridge. Customer has a console to access their ISV backup software. Customer has a console available to view the ESKM GUI. Pre-test Configuration Steps 1. Installer. Using a separate browser window for each ESKM node, log into each of the ESKM nodes via it s web GUI. Go to the Device Tab, select Log Viewer from the Logs and Statistics pane, select Activity. From Show last number of lines, select All. Click Display Log. 2. Customer. Login to the ISV software and ensure it can access the LTO4 or LTO5 tape drives to be used in this test. 48 Verifying Proper Configuration of the ESKM and Tape Libraries
49 Test Steps 1. Installer. Using ESKM GUIs, disable the KMS server on all ESKM nodes except one. From the Device tab, select Maintenance, Services. In the Services List, select KMS Server, and click Stop. Click Refresh, and verify the Status of the KMS Server is Stopped. 2. Customer. Using the ISV software, load the tape which was initialized and written in Test 1 into an LTO4 or LTO5 drive. Read the data. Then unload the cartridge. a. The read operation will be successful. This demonstrates that the key was available on the single node, the path to that node is operational, and the library client s certificates and credentials at that node are in order. b. Repeat step 2 for each library enrolled with the ESKM cluster. This verifies each library can communicate with that ESKM node. 3. Installer. Referring to step 1, re-start the KMS server on the ESKM node. 4. Repeat steps 1 3 for each ESKM in the cluster. This concludes ESKM verification test 2. Issues If the test fails for one node, the most likely cause is the server certificate on that node. Review the steps in the install poster regarding the server certificate (step 9b). Each node has it s own server certificate, but these certificates a) must have the same name, and b) must all be signed by the same CA. Example Verification The following screen shots provide an example using HP Data Protector. ISV Begins the Backup Policy ISV is Writing Data Example Verification 49
50 ESKM Activity Log Shows Key Generation for MINIME Second ESKM Node System Log Shows the Key was Replicated ESKM Key Page Shows New Key for MINIME ISV Success of the Backup and Unload of Media 50 Verifying Proper Configuration of the ESKM and Tape Libraries
51 ISV Begins Restore of Backup ISV Successful in Restore of Backup and Unload of Media Example Verification 51
52 ESKM Activity Log Shows Success Exporting Key for MINIME Unchecking the Export Setting of Key ISV Begins Restore of Backup after Disabling Key Export ISV Failed to Restore the Backup and Media was Unloaded 52 Verifying Proper Configuration of the ESKM and Tape Libraries
53 ISV Log/activity Shows Error that Key Not Available ESKM Activity Log Shows Error Getting Key for MINIME Re-enabling Key Export Setting Example Verification 53
54 Disabling KMS Server on ESKM Node that is Creating the Keys ISV Begins Restore of Backup ISV Successful in Restore of Backup and Unload of Media 54 Verifying Proper Configuration of the ESKM and Tape Libraries
55 ESKM Activity Log from Other Node Shows Success Exporting Key for MINIME Re-enabling First Node KMS Server Example Verification 55
56 5 Support and Other Resources Contacting HP For worldwide technical support information, see the HP support website: Before contacting HP, collect the following information: Product model names and numbers Technical support registration number (if applicable) Product serial numbers Error messages Operating system type and revision level Detailed questions Typographic Conventions Table 6 Document Conventions Convention Blue text: Table 6 (page 56) Blue, underlined text: Element Cross-reference links and addresses Website addresses Bold text Keys that are pressed Text typed into a GUI element, such as a box GUI elements that are clicked or selected, such as menu and list items, buttons, tabs, and check boxes Italic text Text emphasis Monospace text File and directory names System output Code Commands, their arguments, and argument values Monospace, italic text Code variables Command variables Monospace, bold text Emphasized monospace text IMPORTANT: Provides clarifying information or specific instructions. NOTE: Provides additional information. TIP: Provides helpful hints and shortcuts. Documentation feedback HP welcomes your feedback. To make comments and suggestions about product documentation, please send a message to storagedocsfeedback@hp.com. All submissions become the property of HP. 56 Support and Other Resources
57 Index C client accounts ESKM, 11 connectivity verifying on key manager, 34 contacting HP, 56 conventions document, 56 creating ESKM client accounts, 11 D determing key generation policies, 5 document conventions, 56 documentation providing feedback on, 56 E EM see externally managed EML E-Series enrolling, 15 requirements, 6 enrolling EML E-Series, 15 ESL E-Series, 15 ESL G3, 35 MSL6480, 44 enrolling libraries with the ESKM, 15 Enterprise Secure Key Manager see ESKM ESKM client accounts, 11 enrolling tape libraries, 15 pre-installation checklists, 7 testing, 46 tiers, 6 verifying configuration, 46 ESKM configuration prerequisites, 4 ESL E-Series enrolling, 15 requirements, 6 ESL G3 enrolling, 35 requirements, 6 externally managed, 5 H help obtaining, 56 HP technical support, 56 HP Data Protector example of verification, 49 K key generation policies, 5 externally managed, 5 key per partition, 5 key per tape, 5 no ecryption, 5 Key Management command, 34 key manager enroll library, 15 verify library connectivity, 34 key per library see key per partition key per partition, 5 key per tape, 5 KP see key per partition KT see key per tape L Launch Key Management Setup Wizard command, 35 library connectivity, 34 enroll with a key manager, 15 partitioning, 4 login ESKM, 4 SKM, 4 LTO4 drives key generation policies, 5 partitioning, 4 LTO5 drives key generation policies, 5 partitioning, 4 LTO6 drives partitioning, 4 M minimum requirements tape library firmware, 6 tape library hardware, 6 MSL6480 enrolling, 44 requirements, 6 N NE see no ecryption network ports, 4 ESKM, 4 SKM, 4 no ecryption, 5 P partitioning LTO4 drives, 4 LTO5 drives, 4 LTO6 drives, 4 partitioning the library, 4 57
58 policies key generation, 5 ports ESKM, 4 SKM, 4 pre-installation checklists for ESKM, 7 prerequisites configuring ESKM, 4 S Secure Key Manager see SKM T tape libraries enrolling, 15 testing, 46 verifying configuration, 46 tape library firmware requirements, 6 requirements, 6 technical support HP, 56 tests verification, 46 tiers, 6 typographic conventions, 56 V verification test 1 issues, 48 pre-test configuration, 47 prerequisites, 46 steps, 47 summary, 46 verification test 2 issues, 49 pre-test configuration, 48 prerequisites, 48 steps, 49 summary, 48 verification tests, 46 verifying configuration example, 49 tape libraries, 46 test 1, 46 test 2, Index
HP Intelligent Management Center Remote Site Management User Guide
HP Intelligent Management Center Remote Site Management User Guide Abstract This book provides overview and procedural information for Remote Site Management, an add-on service module to the Intelligent
More informationGuidelines for using Internet Information Server with HP StorageWorks Storage Mirroring
HP StorageWorks Guidelines for using Internet Information Server with HP StorageWorks Storage Mirroring Application Note doc-number Part number: T2558-96338 First edition: June 2009 Legal and notice information
More informationHPE StoreEver MSL6480 Tape Library Version 5.50 Firmware Release Notes
HPE StoreEver MSL6480 Tape Library Version 5.50 Firmware Release Notes Abstract This document provides information about enhancements and fixes to the firmware for the HPE StoreEver MSL6480 Tape Library.
More informationHPE 1/8 G2 Tape Autoloader and MSL Tape Libraries Encryption Kit User Guide
HPE 1/8 G2 Tape Autoloader and MSL Tape Libraries Encryption Kit User Guide Abstract This guide provides information about developing encryption key management processes, configuring the tape autoloader
More informationHPE StoreEver MSL6480 Tape Library CLI Utility Version 1.0 User Guide
HPE StoreEver MSL6480 Tape Library CLI Utility Version 1.0 User Guide Abstract This document explains how to install and use the HPE StoreEver MSL6480 Tape Library CLI utility, which provides a non-graphical
More informationHP StorageWorks. EVA Virtualization Adapter administrator guide
HP StorageWorks EVA Virtualization Adapter administrator guide Part number: 5697-0177 Third edition: September 2009 Legal and notice information Copyright 2008-2009 Hewlett-Packard Development Company,
More informationHP Intelligent Management Center v7.1 MySQL 5.6 Installation and Configuration Guide (Windows)
HP Intelligent Management Center v7.1 MySQL 5.6 Installation and Configuration Guide (Windows) Abstract This document provides installation and configuration information for MySQL. It includes the procedures
More informationHP LeftHand P4000 Virtual SAN Appliance in an HP BladeSystem environment solution guide
HP LeftHand P4000 Virtual SAN Appliance in an HP BladeSystem environment solution guide AT459-96002 Part number: AT459-96002 First edition: April 2009 Legal and notice information Copyright 2009 Hewlett-Packard
More informationHPE StoreEver Command View TL User Guide
HPE StoreEver Command View TL 5.0.00 User Guide Part Number: 344841-032 Published: March 2016 Edition: 1 Copyright 2003, 2016 Hewlett Packard Enterprise Development LP The information contained herein
More informationHP Data Protector Media Operations 6.11
HP Data Protector Media Operations 6.11 Getting started This guide describes installing, starting and configuring Media Operations. Copyright 2009 Hewlett-Packard Development Company, L.P. Part number:
More informationHP StoreEver Interface Manager and Command View for Tape Libraries
HP StoreEver Interface Manager and Command View for Tape Libraries Version 4.0.00 User Guide Abstract This guide provides information about installing the CVTL (Command View for Tape Libraries) software,
More informationHP Storage Provisioning Manager (SPM) Version 1.3 User Guide
HP Storage Provisioning Manager (SPM) Version 1.3 User Guide Abstract This guide provides information to successfully install, configure, and manage the HP Storage Provisioning Manager (SPM). It is intended
More informationVirtual Recovery Assistant user s guide
Virtual Recovery Assistant user s guide Part number: T2558-96323 Second edition: March 2009 Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company makes no warranty of any kind
More informationConfiguring Security Mitigation Settings for Security Bulletin HPSBPI03569 Protecting Solution Installation Settings
Technical White Paper Configuring Security Mitigation Settings for Security Bulletin HPSBPI03569 Protecting Solution Installation Settings Table of contents Overview... 2 Using the Embedded Web Server
More informationHP StoreEver Interface Manager and Command View for Tape Libraries
HP StoreEver Interface Manager and Command View for Tape Libraries Version 3.7.00 User Guide Abstract This guide provides information about installing the Command View for Tape Libraries (Command View
More informationHPE Security Fortify WebInspect Enterprise Software Version: Windows operating systems. Installation and Implementation Guide
HPE Security Fortify WebInspect Enterprise Software Version: 17.10 Windows operating systems Installation and Implementation Guide Document Release Date: May 2017 Software Release Date: April 2017 Legal
More informationInstallation Guide. Tandberg Data DPS1000 Series Model: DPS1100 and DPS1200, Release: 1.3
Installation Guide Tandberg Data DPS1000 Series Model: DPS1100 and DPS1200, Release: 1.3 Contents Preface.......................................................................v About this guide..............................................................
More informationHP Service Test Management
HP Service Test Management for the Windows operating system Software Version: 11.00 Installation Guide Document Release Date: February 2011 Software Release Date: February 2011 Legal Notices Warranty The
More informationHP BladeSystem Management Pack (v 1.x) for Microsoft System Center User Guide
HP BladeSystem Management Pack (v 1.x) for Microsoft System Center User Guide Abstract This guide provides information on using the HP BladeSystem Management Pack for System Center version 1.x to manage
More informationHP StorageWorks Storage Mirroring user s guide Storage Mirroring Application Manager
HP StorageWorks Storage Mirroring user s guide Storage Mirroring Application Manager Part number: T2558-96046 Fifth edition: vember 2006 Legal and notice information Copyright 1999-2006 Hewlett-Packard
More informationHP StorageWorks Partitioning in an EBS Environment Implementation Guide
HP StorageWorks Partitioning in an EBS Environment Implementation Guide Part number: 381448-002 First edition: November 2004 Copyright 2004 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company
More informationHPE RDX Utility Version 2.36 Release Notes
HPE RDX Utility Version 2.36 Release Notes (RDX Tools 1.59) Abstract RDX Utility 2.36 (RDX Tools 1.59) enhances RDX Utility reporting for cartridges with a capacity greater than 2TB and implements Hewlett
More informationConfiguring Embedded LDAP Authentication
HP Restricted Configuring Embedded LDAP Authentication configure Configuring Embedded LDAP Authentication For HP product models: LaserJet 4345mfp, LaserJet 9040mfp, LaserJet 9050mfp, LaserJet 9500mfp,
More informationStandardize Microsoft SQL Server Cluster Provisioning Using HP DMA
Technical white paper Standardize Microsoft SQL Server Cluster Provisioning Using HP DMA HP Database and Middleware Automation version 10.30 Table of Contents Purpose 2 Prerequisites 4 Process Overview
More informationHP BladeSystem c-class Virtual Connect Support Utility Version Release Notes
HP BladeSystem c-class Virtual Connect Support Utility Version 1.9.1 Release Notes Abstract This document provides release information for the HP BladeSystem c-class Virtual Connect Support Utility Version
More informationv7.0 Intelligent Management Center MySQL 5.5 Installation and Configuration Guide (for Windows)
v7.0 Intelligent Management Center MySQL 5.5 Installation and Configuration Guide (for Windows) Abstract This document is intended to be the installation and configuration guide for MySQL in addition to
More informationHP Virtual Connect Enterprise Manager
HP Virtual Connect Enterprise Manager Data Migration Guide HP Part Number: 487488-001 Published: April 2008, first edition Copyright 2008 Hewlett-Packard Development Company, L.P. Legal Notices Confidential
More informationHP ALM Client MSI Generator
HP ALM Client MSI Generator Software Version: 1.00 User Guide Document Release Date: October 2010 Software Release Date: October 2010 Legal Notices Warranty The only warranties for HP products and services
More informationMcAfee Firewall Enterprise epolicy Orchestrator Extension
Integration Guide Revision A McAfee Firewall Enterprise epolicy Orchestrator Extension COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo,
More informationHPE Enterprise Integration Module for SAP Solution Manager 7.1
HPE Enterprise Integration Module for SAP Solution Manager 7.1 Software Version: 12.55 User Guide Document Release Date: August 2017 Software Release Date: August 2017 HPE Enterprise Integration Module
More informationHP ProLiant Agentless Management Pack (v 3.2) for Microsoft System Center User Guide
HP ProLiant Agentless Management Pack (v 3.2) for Microsoft System Center User Guide Abstract This guide provides information on using the HP ProLiant Agentless Management Pack for System Center version
More informationHP OneView for VMware vcenter User Guide
HP OneView for VMware vcenter User Guide Abstract This document contains detailed instructions for configuring and using HP OneView for VMware vcenter (formerly HP Insight Control for VMware vcenter Server).
More informationHP Enterprise Integration module for SAP applications
HP Enterprise Integration module for SAP applications Software Version: 2.60 User Guide Document Release Date: December 2010 Software Release Date: December 2010 Legal Notices Warranty The only warranties
More informationHPE Security ArcSight Connectors
HPE Security ArcSight Connectors SmartConnector for Application Security AppDetective DB Configuration Guide October 17, 2017 SmartConnector for Application Security AppDetective DB October 17, 2017 Copyright
More informationHPE ALM Client MSI Generator
HPE ALM Client MSI Generator Software Version: 12.55 User Guide Document Release Date: August 2017 Software Release Date: August 2017 HPE ALM Client MSI Generator Legal Notices Warranty The only warranties
More informationIDE Connector Customizer Readme
IDE Connector Customizer Readme Software version: 1.0 Publication date: November 2010 This file provides information about IDE Connector Customizer 1.0. Prerequisites for IDE Connector Customizer The Installation
More informationHPE LTO Ultrium 30750,15000, 6250, 3000, 1760, and 920 Internal Tape Drives Start Here
HPE LTO Ultrium 30750,15000, 6250, 3000, 1760, and 920 Internal Tape Drives Start Here Abstract This document describes how to install a StoreEver LTO Ultrium SAS internal tape drive and is intended for
More informationHP Database and Middleware Automation
HP Database and Middleware Automation For Windows Software Version: 10.10 SQL Server Database Refresh User Guide Document Release Date: June 2013 Software Release Date: June 2013 Legal Notices Warranty
More informationBest Practices for Configuring the Dell Compellent SMI-S Provider for Microsoft SCVMM 2012
Dell Compellent Storage Center Best Practices for Configuring the Dell Compellent SMI-S Provider for Microsoft SCVMM 2012 Document Revisions Date Revision Comments 04/11/2012 A First Revision THIS BEST
More informationHPE ALM Excel Add-in. Microsoft Excel Add-in Guide. Software Version: Go to HELP CENTER ONLINE
HPE ALM Excel Add-in Software Version: 12.55 Microsoft Excel Add-in Guide Go to HELP CENTER ONLINE http://alm-help.saas.hpe.com Document Release Date: August 2017 Software Release Date: August 2017 Legal
More informationHP Management Integration Framework 1.7
HP Management Integration Framework 1.7 Administrator Guide Abstract This document describes the use of HP Management Integration Framework interfaces and is intended for administrators involved in the
More informationProLiant Cluster HA/F500 for Enterprise Virtual Array Introduction Software and Hardware Pre-Checks Gathering Information...
Installation Checklist HP ProLiant Cluster F500 for Enterprise Virtual Array 4000/6000/8000 using Microsoft Windows Server 2003, Enterprise Edition Stretch Cluster May 2005 Table of Contents ProLiant Cluster
More informationHYCU SCOM Management Pack for F5 BIG-IP
USER GUIDE HYCU SCOM Management Pack for F5 BIG-IP Product version: 5.5 Product release date: August 2018 Document edition: First Legal notices Copyright notice 2015-2018 HYCU. All rights reserved. This
More informationHP UFT Connection Agent
HP UFT Connection Agent Software Version: For UFT 12.53 User Guide Document Release Date: June 2016 Software Release Date: June 2016 Legal Notices Warranty The only warranties for Hewlett Packard Enterprise
More informationHP StoreOnce 4900 (44TB) and (60TB) Capacity Expansion Kit
HP StoreOnce 4900 (44TB) and (60TB) Capacity Expansion Kit Installation Instructions Abstract This document explains how to install the HP StoreOnce 4900 (44TB) and (60TB) Capacity Expansion Kit, apply
More informationPolicy Manager for IBM WebSphere DataPower 7.2: Configuration Guide
Policy Manager for IBM WebSphere DataPower 7.2: Configuration Guide Policy Manager for IBM WebSphere DataPower Configuration Guide SOAPMDP_Config_7.2.0 Copyright Copyright 2015 SOA Software, Inc. All rights
More informationVMware Identity Manager Connector Installation and Configuration (Legacy Mode)
VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until
More informationHP Insight Control for Microsoft System Center Installation Guide
HP Insight Control for Microsoft System Center Installation Guide Abstract This guide describes installing HP Insight Control for Microsoft System Center. This guide is intended for use by system integrators
More informationHP Device Manager 4.6
Technical white paper HP Device Manager 4.6 HP t5740 Windows XPe Support Guide Table of contents Overview... 3 Updating the HPDM Agent... 3 Symantec Endpoint Protection (SEP) Firewall... 3 VNC Shadowing...
More informationHPE Intelligent Management Center v7.3
HPE Intelligent Management Center v7.3 Service Operation Manager Administrator Guide Abstract This guide contains comprehensive conceptual information for network administrators and other personnel who
More informationHP StoreVirtual Storage Multi-Site Configuration Guide
HP StoreVirtual Storage Multi-Site Configuration Guide Abstract This guide contains detailed instructions for designing and implementing the Multi-Site SAN features of the LeftHand OS. The Multi-Site SAN
More informationHPE 3PAR OS MU3 Patch 18 Upgrade Instructions
HPE 3PAR OS 3.1.3 MU3 Patch 18 Upgrade Instructions This upgrade instructions document is for installing Patch 18 on the HPE 3PAR Operating System Software 3.1.3.334 (MU3). This document is for Hewlett
More informationHP Insight Remote Support Advanced HP StorageWorks P4000 Storage System
HP Insight Remote Support Advanced HP StorageWorks P4000 Storage System Migration Guide HP Part Number: 5900-1089 Published: August 2010, Edition 1 Copyright 2010 Hewlett-Packard Development Company, L.P.
More informationEnterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3
Enterprise Vault.cloud CloudLink Google Account Synchronization Guide CloudLink 4.0.1 to 4.0.3 Enterprise Vault.cloud: CloudLink Google Account Synchronization Guide Last updated: 2018-06-08. Legal Notice
More informationHP OpenView Storage Data Protector A.05.10
HP OpenView Storage Data Protector A.05.10 ZDB for HP StorageWorks Enterprise Virtual Array (EVA) in the CA Configuration White Paper Edition: August 2004 Manufacturing Part Number: n/a August 2004 Copyright
More informationEMC SourceOne Discovery Manager Version 6.7
EMC SourceOne Discovery Manager Version 6.7 Installation and Administration Guide 300-012-743 REV A01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com Copyright
More informationHP ALM. Software Version: patch 2. Business Views Microsoft Excel Add-in User Guide
HP ALM Software Version: 12.21 patch 2 Business Views Microsoft Excel Add-in User Guide Document Release Date: September 2016 Software Release Date: September 2016 Legal Notices Warranty The only warranties
More informationHPE OneView for VMware vcenter User Guide
HPE OneView for VMware vcenter User Guide Abstract This document contains detailed instructions for configuring and using HPE OneView for VMware vcenter. It is intended for system administrators who are
More informationHPE BladeSystem c-class Virtual Connect Support Utility Version Release Notes
HPE BladeSystem c-class Virtual Connect Support Utility Version 1.12.0 Release Notes Abstract This document provides release information for the HPE BladeSystem c-class Virtual Connect Support Utility
More informationHP integrated Citrix XenServer Online Help
HP integrated Citrix XenServer Online Help Part Number 486855-002 September 2008 (Second Edition) Copyright 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationSecure Access Configuration Guide For Wireless Clients
ProCurve Networking Secure Access Configuration Guide For Wireless Clients Secure Access Configuration Guide For Wireless Clients Introduction... 2 Configuration Scenarios... 2 Required Network Services...
More informationHPE Security ArcSight SmartConnectors. Format Preserving Encryption Environment Setup Guide
HPE Security ArcSight SmartConnectors Format Preserving Encryption Environment Setup Guide October 19, 2017 Legal Notices Warranty The only warranties for Hewlett Packard Enterprise products and services
More informationHP SM Service Catalog-PPM Center Project Proposal Integration Solution
HP SM Service Catalog-PPM Center Project Proposal Integration Solution Software Version: 1.01 For the supported Windows operating system Configuration Guide Document Release Date: September 2015 Software
More informationHP Operations Orchestration
HP Operations Orchestration Software Version: 7.20 HP Network Node Manager (i series) Integration Document Release Date: July 2008 Software Release Date: July 2008 Legal Notices Warranty The only warranties
More informationGuest Management Software V2.0.2 Release Notes
Guest Management Software V2.0.2 Release Notes Abstract These release notes provide important release-related information for GMS (Guest Management Software) Version 2.0.2. GMS V2.0.2 is MSM software version
More informationAchieve Patch Currency for Microsoft SQL Server Clustered Environments Using HP DMA
Technical white paper Achieve Patch Currency for Microsoft SQL Server Clustered Environments Using HP DMA HP Database and Middleware Automation version 10.30 Table of Contents Purpose 2 Prerequisites 4
More informationHP SmartTracker. Installation guide
HP SmartTracker Installation guide Edition 1 Copyright 2017 HP Development Company, L.P. Legal notices The information contained herein is subject to change without notice. The only warranties for HP products
More informationHP LeftHand SAN Solutions
HP LeftHand SAN Solutions Support Document Installation Manuals VSA 8.0 Quick Start - Demo Version Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty
More informationHPE Security ArcSight Connectors
HPE Security ArcSight Connectors SmartConnector for Microsoft DHCP File Configuration Guide October 17, 2017 Configuration Guide SmartConnector for Microsoft DHCP File October 17, 2017 Copyright 2006 2017
More informationHPE Security ArcSight Connectors
HPE Security ArcSight Connectors SmartConnector for Windows Event Log Unified: Microsoft Network Policy Server Supplemental Configuration Guide March 29, 2013 Supplemental Configuration Guide SmartConnector
More informationUpgrading MailMarshal SMTP 5.5 Installations to MailMarshal SMTP 2006
Upgrading MailMarshal SMTP 5.5 Installations to MailMarshal SMTP 2006 April, 2006 Contents Introduction 2 Case 1: Standalone MailMarshal SMTP Server 2 Case 2: Array of MailMarshal SMTP Servers 10 Additional
More informationHP 3PAR StoreServ Storage VMware ESX Host Persona Migration Guide
HP 3PAR StoreServ Storage VMware ESX Host Persona Migration Guide Abstract This guide is intended to assist customers in successfully migrating their VMware ESX/ESXi hosts on HP 3PAR StoreServ storage
More informationOMi Management Pack for Microsoft SQL Server. Software Version: For the Operations Manager i for Linux and Windows operating systems.
OMi Management Pack for Microsoft Software Version: 1.01 For the Operations Manager i for Linux and Windows operating systems User Guide Document Release Date: April 2017 Software Release Date: December
More informationAchieving regulatory compliance with reports from ProCurve PCM, IDM, and NIM
An HP ProCurve Networking Application Note Achieving regulatory compliance with reports from ProCurve PCM, IDM, and NIM Contents 1. Introduction... 2 2. Prerequisites... 2 3. Network diagram... 2 4. Instructions
More informationHP P6000 Cluster Extension Software Installation Guide
HP P6000 Cluster Extension Software Installation Guide This guide contains detailed instructions for installing and removing HP P6000 Cluster Extension Software in Windows and Linux environments. The intended
More informationHPE Security ArcSight User Behavior Analytics
HPE Security ArcSight Analytics Software Version: 5.0 Integration and Content Guide July 21, 2016 Legal Notices Warranty The only warranties for Hewlett Packard Enterprise products and services are set
More informationAutomated Sign-on for Mainframe Administrator Guide
Automated Sign-on for Mainframe Administrator Guide 12.5.1 For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy,
More informationEnforced Client Policy & Reporting Server (EPRS) 2.3. Administration Guide
Enforced Client Policy & Reporting Server (EPRS) 2.3 Copyright 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell, the
More informationHPE 3PAR Remote Copy Extension Software Suite Implementation Service
Data sheet HPE 3PAR Remote Copy Extension Software Suite Implementation Service HPE Lifecycle Event Services HPE 3PAR Remote Copy Extension Software Suite Implementation Service provides customized deployment
More informationHP XP P9000 Remote Web Console Messages
HP XP P9000 Remote eb Console Messages Abstract This document lists the error codes and error messages for HP XP P9000 Remote eb Console for HP XP P9000 disk arrays, and provides recommended action for
More informationHewlett Packard Enterprise. HPE OmniStack for vsphere Upgrade Guide
Hewlett Packard Enterprise HPE OmniStack for vsphere Upgrade Guide Part number: P00126-001 Published: September 2017 2017 Hewlett Packard Enterprise Development LP Notices The information contained herein
More informationHP OneView for VMware vcenter User Guide
HP OneView for VMware vcenter User Guide Abstract This document contains detailed instructions for configuring and using HP OneView for VMware vcenter (formerly HP Insight Control for VMware vcenter Server).
More informationHP IDOL Site Admin. Software Version: Installation Guide
HP IDOL Site Admin Software Version: 10.9 Installation Guide Document Release Date: March 2015 Software Release Date: March 2015 Legal Notices Warranty The only warranties for HP products and services
More informationHP Operations Orchestration Software
HP Operations Orchestration Software Software Version: 7.51 HP Operations Manager Integration Guide Document Release Date: August 2009 Software Release Date: August 2009 Legal Notices Warranty The only
More informationHPE Security ArcSight Connectors
HPE Security ArcSight Connectors SmartConnector for Barracuda Firewall NG F- Series Syslog Configuration Guide October 17, 2017 Configuration Guide SmartConnector for Barracuda Firewall NG F-Series Syslog
More informationHPE LTO Ultrium 30750, 15000, 6250, 3000, 1760, and 920 External Tape Drives Start Here
HPE LTO Ultrium 30750, 15000, 6250, 3000, 1760, and 920 External Tape Drives Start Here Abstract This document describes how to connect a StoreEver LTO Ultrium SAS external tape drive to an external high-density
More informationHP StoreOnce Recovery Manager Central for VMware User Guide
HP StoreOnce Recovery Manager Central 1.2.0 for VMware User Guide Abstract The guide is intended for VMware and database administrators who are responsible for backing up databases. This guide provides
More informationHP P4000 SAN Solution User Guide
HP P4000 SAN Solution User Guide Abstract This guide provides information for configuring and using the HP SAN Solution. It includes hardware configuration and information about designing and implementing
More informationHP Insight Remote Support
HP Insight Remote Support Quick Start Guide HP Part Number: 5992-6211 Published: March 13, 2009; First Edition, second revision Copyright 2003-2009; Hewlett-Packard Development Company, L.P. Legal Notices
More informationHPE 3PAR OS GA Patch 12
HPE 3PAR OS 3.3.1 GA Patch 12 Upgrade Instructions Abstract This upgrade instructions document is for installing Patch 12 on the HPE 3PAR Operating System Software OS-3.3.1.215-GA. This document is for
More informationHPE Security ArcSight Connectors
HPE Security ArcSight Connectors SmartConnector for IP Flow (NetFlow/J-Flow) Configuration Guide October 17, 2017 SmartConnector for IP Flow (NetFlow/J-Flow) October 17, 2017 Copyright 2004 2017 Hewlett
More informationHPE StoreVirtual OS v13.5 Release Notes
HPE StoreVirtual OS v13.5 Release Notes Part Number: 865552-006 Published: May 2017 Edition: 2 Contents Release notes...4 Description... 4 Platforms supported for this release... 4 Update recommendation...4
More informationHP Enterprise Integration Module for SAP Solution Manager
HP Enterprise Integration Module for SAP Solution Manager Software Version: 12.01 User Guide Document Release Date: March 2015 Software Release Date: March 2015 Legal Notices Warranty The only warranties
More informationHP EVA Cluster Extension Software Installation Guide
HP EVA Cluster Extension Software Installation Guide Abstract This guide contains detailed instructions for installing and removing HP EVA Cluster Extension Software in Windows and Linux environments.
More informationHPE Security ArcSight Connectors
HPE Security ArcSight Connectors SmartConnector for Microsoft System Center Configuration Manager DB Configuration Guide October 17, 2017 SmartConnector for Microsoft System Center Configuration Manager
More informationManaging the Cisco APIC-EM and Applications
Managing Cisco APIC-EM Using the GUI, page 1 Cisco APIC-EM Application Separation, page 1 Information about Backing Up and Restoring the Cisco APIC-EM, page 4 Updating the Cisco APIC-EM Software, page
More informationFirewall Enterprise epolicy Orchestrator
Integration Guide McAfee Firewall Enterprise epolicy Orchestrator Extension version 5.2.1 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,
More informationHP SCOM Management Packs User Guide
HP SCOM Management Packs User Guide Abstract This guide describes the HP extensions for Microsoft System Center Operations Manager that are provided as part of HP OneView for Microsoft System Center (formerly
More informationHPE 3PAR OS MU3 Patch 97 Upgrade Instructions
HPE 3PAR OS 3.2.2 MU3 Patch 97 Upgrade Instructions Abstract This upgrade instructions document is for installing Patch 97 on the HPE 3PAR Operating System Software. This document is for Hewlett Packard
More informationAbout the Configuration Guides for HP Unified
About the Configuration Guides for HP Unified Wired-W Products HP 830 Unified Wired-W PoE+ Switch Series HP 850 Unified Wired-W Appliance HP 870 Unified Wired-W Appliance HP 11900/10500/7500 20G Unified
More information