To use 2048-bit certificates, update the autoloader or library to the current version and retry the
test. The earliest firmware versions that generate 2048-bit certificates are:
• 1/8 G2 autoloader: 4.30
• MSL2024: 6.20
• MSL4048: 8.70
• MSL8048 and MSL8096: 1130
Basic encryption test
1. Using your backup application, load a scratch tape into a drive in a partition configured for
encryption with the key server.
2. Rewind and then initialize the tape. This will overwrite any previous contents with an encrypted
header. If all is configured correctly, the backup application will report successful media
initialization.
a. Log in to the key managers and confirm that a new key was created.
Refer to your server documentation for instructions.
b. Log in to other key servers in the cluster and confirm that the key is replicated to each
server.
3. Using your backup application, unload the cartridge to a slot.
4. From the key server, find the key that was created in step 2 and temporarily disable the key’s
ability to be exported.
See your server documentation for instructions.
5. Using your backup application, load the same tape into any drive in the partition configured
for encryption with a key server. Read the header of the tape using a media identification or
similar command.
• The backup application should report a failure because the key cannot be exported but the
header is encrypted.
• One of the key server logs should show a request for the key and that the request was
denied.
6. Using the backup application, unload the media to a slot.
7. From the key server, re-enable the ability to export the key that was disabled in step 4.
8. Repeat step 5. The command should succeed.
9. Unload the media to a slot.
This concludes the basic encryption test.
Failover test
1. From the basic encryption test, step 8, identify the key server that provided the key. This is the
server that logged the key export.
2. From the key server, temporarily disable that server’s ability to communicate with clients.
See the server documentation for instructions.
3. Repeat step 5 of the basic encryption test.
The command should succeed, with the key provided by a different server. You can identify
the server that exported the key by inspecting each server’s log files.
4. Unload the media to a slot.
5. If there are more than two key servers, continue disabling server-client communications and
repeating this test until every server has successfully served the key.
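Both tests are judged from what the key server logs show. As an added example (not part of the original manual), the following Python script checks evidence an operator has copied out of those logs against the expectations in the steps above; the event record layout, server names and key name are assumptions constructed for illustration.

```python
from collections import namedtuple

# One row per log entry, copied by hand from a key server log.
# This record layout is an assumption, not a key server log format.
Event = namedtuple("Event", "server action key outcome")

def _ok(events, key, actions):
    """Servers that logged a successful `actions` entry for `key`."""
    return {e.server for e in events
            if e.key == key and e.action in actions and e.outcome == "ok"}

def check_basic_test(events, key, servers):
    """Return the basic-test expectations that the evidence does not meet."""
    problems = []
    if not _ok(events, key, {"create"}):
        problems.append("step 2a: no key creation logged")
    holders = _ok(events, key, {"create", "replicate"})
    for s in sorted(set(servers) - holders):
        problems.append(f"step 2b: key not replicated to {s}")
    outcomes = [e.outcome for e in events
                if e.key == key and e.action == "export"]
    first_ok = outcomes.index("ok") if "ok" in outcomes else len(outcomes)
    if "denied" not in outcomes[:first_ok]:
        problems.append("step 5: no denied request before the first export")
    if first_ok == len(outcomes):
        problems.append("step 8: no successful export after re-enabling")
    return problems

def failover_remaining(events, key, servers):
    """Servers that have not yet served the key (failover test, step 5)."""
    return sorted(set(servers) - _ok(events, key, {"export"}))

# Constructed sample evidence for a three-server cluster.
SERVERS = ["ks1", "ks2", "ks3"]
KEY = "example-key"
EVENTS = [
    Event("ks1", "create", KEY, "ok"),
    Event("ks2", "replicate", KEY, "ok"),
    Event("ks3", "replicate", KEY, "ok"),
    Event("ks1", "export", KEY, "denied"),  # basic test, step 5
    Event("ks1", "export", KEY, "ok"),      # basic test, step 8
    Event("ks2", "export", KEY, "ok"),      # failover round with ks1 cut off
]

if __name__ == "__main__":
    print(check_basic_test(EVENTS, KEY, SERVERS) or "basic test evidence complete")
    print("still to serve the key:", failover_remaining(EVENTS, KEY, SERVERS))
```

With the sample evidence the basic test passes and one server remains for the failover test, so another round with the first two servers cut off from clients is still needed.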