Dell™ PowerVault™ Encryption Key Manager
© 2007, 2010 Dell Inc. All rights reserved.
Dell™ Encryption Key Manager
. .
• LTO 4 LTO 5
Encryption Key Manager
.
.
.
1.
[ ]
{ }
|
< >
, , .
.
.
:
.
.
• Dell™ PowerVault™ TL2000 TL4000
.
• Dell™ PowerVault™ TL2000 Tape Library and TL4000 Tape Library SCSI Reference SCSI SCSI
.
Linux
Red Hat
Red Hat Linux® URL .
• http://www.redhat.com
SuSE
SuSE Linux URL .
• http://www.suse.com
Microsoft Windows
Microsoft® Windows® URL .
• http://www.microsoft.com
http://support.dell.com .
Dell Encryption Key Manager
.
http://www.dell.com .
Library Managed Encryption for Tape LTO
.
Dell
800-WWW-DELL(800-999-3355) .
: , ,
Dell .
Dell , .
,
. , Dell .
1. http://supportapj.dell.com/support/index.aspx .
2. Choose A Country/Region
.
3. Contact Us .
4. .
5. Dell .
1
Dell Encryption Key Manager( Encryption Key Manager )
LTO 4 LTO 5 LTO 4 LTO 5
LTO 4 LTO 5
2-2
, Dell Encryption Key Manager
. 1-3
. 1-3
Encryption Key Manager Java Java Security . Java Security
. Encryption Key Manager
. .
Java Security
Java Security JCE(Java Cryptography Extension)
. Java Security Java Runtime Environment
. Encryption Key Manager
.
Java . 2-4
.
.
.
.
Encryption Key Manager
.
. 2-1 2 Encryption Key Manager
, 4-1 4 Encryption Key Manager
B .
Encryption Key Manager
. 2
.
.
KeyGroups.xml
.
1-1. Encryption Key Manager
Dell Encryption Key Manager ( )
,
, Java™
. Encryption Key Manager Linux(SLES RHEL) Windows ,
.
Encryption Key Manager
. Dell Encryption Key Manager GUI(Graphical User Interface)
. Encryption Key Manager
. 2-4
.
Encryption Key Manager : Dell Encryption Key Manager
ECC
. Encryption Key Manager
LTO 4 LTO 5 . () Encryption Key Manager .
( )
.
,
. ( , .)
. Encryption Key Manager
ECC(Error Correction Code) ,
. ( : Encryption Key Manager) ECC .
Encryption Key Manager TCP/IP
.
Encryption Key Manager
. Encryption Key Manager .
Encryption Key Manager AES
.
LTO 4 LTO 5 Encryption Key Manager ID
.
.
, Encryption Key Manager .
. .
1-2.
Key Manager
.
.
( : Dell PowerVault TL2000/TL4000 ML6000
.
.
.
.
.
.
.
Encryption Key Manager
.
.
• CommVault Galaxy 7.0 SP1
• Symantec Backup Exec 12
LTO 4 LTO 5
.
• Dell™ PowerVault™ TL2000
• Dell™ PowerVault™ TL4000
• Dell™ PowerVault™ ML6000
.
Dell™ PowerVault™ TL2000 , Dell™ PowerVault™ TL4000 Dell™ PowerVault™ ML6000 LTO 4 LTO 5 .
Java Encryption Key Manager .
.
( )
.
.
. IBM T10
256 AES . 256 AES
. 256
AES .
Encryption Key Manager
.
.
. 256 AES .
/ .
/ .
, .
Encryption Key Manager .
,
( ) .
keytool Encryption Key Manager
. AES
. Encryption Key Manager
.
Dell Encryption Key Manager
LTO 4 LTO 5 Encryption Key Manager
(DK)
. Encryption Key Manager
DK . DK
DK . DK Encryption Key Manager
LTO 4 LTO 5 . LTO 4 LTO 5 DK
. LTO 4 LTO 5
. DK
Encryption Key Manager
. 1-8 1-3 .
Dell Encryption Key Manager LTO
. ,
. 3-16
.
LTO 4 LTO 5 DK
. DK
. DK
,
.
LTO 4 LTO 5
Yosemite(Dell PowerVault TL2000 TL4000 ), CommVault
Symantec Backup Exec .
T10 LTO 4 LTO 5 . T10
256 AES . T10 DK
.
DK .
.
DK
.
1-3 .
1-3. . LTO 4 LTO 5
,
. LTO 4 LTO 5
( , Encryption Key Manager ) DK
Encryption Key Manager
.
1-1.
IBM
T10
DK/
N/A
DK/
DK/
DK = AES 256 DK
2 Encryption Key Manager
Encryption Key Manager
.
.
.
.
Encryption Key Manager
Encryption Key Manager .
Encryption Key Manager
.
• Encryption Key Manager .
• . 2-2
.
• Java UR(Unrestricted) . 2-2
.
• Encryption Key Manager JAR . 3-1 Key Manager ISO .
• , .
3-6 GUI ,
3-16
• 3-6 GUI ,
.
– . 3-14 Keytool -importseckey
.
– . 4-1 4 Encryption Key Manager .
– Encryption Key Manager
drive.acceptUnknownDrives .
5-10 adddrive 4-1
.
– Encryption Key Manager . 5-1 Key Manager
, .
– . 5-6
.
.
• LTO 4 LTO 5
•
• Dell Encryption Key Manager
1. LTO 4 LTO 5 .
• ( TL2000, TL4000, ML6000)
. http://supportapj.dell.com/support/index.aspx .
– Dell™ PowerVault™ TL2000 5.xx
.
– Dell™ PowerVault™ TL4000 5.xx
.
– Dell™ PowerVault™ ML6000
415G.xxx .
• . 77B5 .
2. LTO 4 LTO 5
( Dell ).
• Encryption Key Manager IP .
3. Encryption Key Manager
( Dell ).
: JRE(Java Runtime Environment) IBM
Encryption Key Manager .
Linux
• RHEL 4
• RHEL 5
• SLES 9
• SLES 10
• SLES 11
Encryption Key Manager(Linux )
2-1. Linux
IBM Software Developer Kit
64 AMD/Opteron/EM64T
Java 6.0 SR5
http://support.dell.com
32 Intel®
Dell PowerVault TL2000 , TL4000 ML6000
.
http://support.dell.com .
LTO 4 LTO 5 .
http://support.dell.com .
Windows |
Windows Server 2003, 2008 2008 R2
Dell Encryption Key Manager
Encryption Key Manager 2007 9 14 (20070914)
2.1 , IBM Runtime Environment .
2-2. Windows
IBM Runtime Environment
Windows 2003
• AMD64/EM64T Windows IBM 64 Runtime Environment, Java 2 Technology Edition, 5.0 SR5
• Windows IBM 32 Runtime Environment, Java 2 Technology Edition, 5.0 SR5
Windows 2008 2008 R2
AMD64/EM64T Windows IBM 64 Runtime Environment, Java 2 Technology Edition, 6.0 SR5
Dell™ PowerVault™ TL2000 , Dell™ PowerVault™ TL4000 Dell™ PowerVault™ ML6000
. http://support.dell.com
.
LTO 4 LTO 5 .
http://support.dell.com .
.
.
.
JCEKS
EKM JCEKS .
JCEKS(Unix System Services ) EKM
.
EKM .
JCEKS
. FTP .
LTO 4 LTO 5
Dell Encryption Key Manager
256 AES .
.
LTO LTO 4 LTO 5
Encryption Key Manager 256 AES
.
LTO 4 LTO 5 Encryption Key Manager
.
symmetricKeySet ,
.
.
(DK) . Encryption
Key Manager
DK LTO 4 LTO 5
. DK TCP/IP .
ID(DKi)
. Encryption Key Manager DKi
LTO 4 LTO 5
DK .
5-9 CLI adddrive moddrive
. symmetricKeySet
, 3-11 LTO 4 LTO 5 . 3-16
.
2-1 .
[2-1. LTO 4 LTO 5. Diagram labels: Key Manager, Config File, Key store, Drive Table, alias, DK, DKi; numbered steps 1 to 7]
1. .
2. Encryption Key Manager .
3. Encryption Key Manager keyAliasList
.
4. Encryption Key Manager DK .
5. Encryption Key Manager DKi
DK .
6. Encryption Key Manager DK DKi .
7. DK DKi
.
2-2 .
[2-2. LTO 4 LTO 5. Diagram labels: Key Manager, Config File, Key store, Drive Table, Alias, DK, DKi; numbered steps 1 to 6]
1. Encryption Key Manager DKi
.
2. Encryption Key Manager .
3. Encryption Key Manager DKi DK
.
4. Encryption Key Manager DK
.
5. Encryption Key Manager DK .
6. DK .
:
.