How it Works
HP
Loading...
S
Loading...
Loading...
Secure Key Manager
User Manual
327 pgs8.71 Mb0
User Manual
352 pgs7.51 Mb0
Table of contents
Loading...

HP Secure Key Manager User Manual

HP StorageWorks Secure Key Manager
users guide
AJ087-96011
Part number: AJ087–96011
nd edition: November 2008
2
Legal and notice information
12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Compaq Computer Corporation is a wholly-owned subsidiary of Hewlett-Packard Company. Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated. Intel, Itanium, Pentium, Intel Inside, and the Intel Inside logo are trademarks or registered trademarks of Intel Corporation or its
subsidiaries in the United States and other countries. Microsoft, Windows, Windows XP, and Windows NT are U.S. registered trademarks of Microsoft Corporation. Microsoft, Windows, Windows NT, and Windows XP are U.S. registered trademarks of Microsoft Corporation. Java is a US trademark of Sun Microsystems, Inc. Oracle® is a registered U.S. trademark of Oracle Corporation, Redwood City, California. UNIX® is a registered trademark of The Open Group.
Contents
1Installingandreplacinghardware................. 21
Preparingfortheinstallation................................. 21
Toolsforinstallation .................................. 21
TakingESDprecautions................................. 21
Groundingmethodstopreventelectrostaticdischarge.................... 21
Rackplanningresources .................................. 22
Rackrequirements................................... 22
Rackwarnings .................................... 22
Optimumenvironment ................................... 23
Space and airowrequirements ............................. 23
Temperaturerequirements................................ 23
Powerrequirements .................................. 24
Electricalgroundingrequirements ............................ 24
Unpacking ........................................ 25
Identifyingtheshippingcartoncontents............................ 25
Selectingaracklocation .................................. 26
RemovinganexistingSKM(appliance)fromthesystem ..................... 27
Installingtherailsintherack ................................ 27
Attachingrailstotheappliance ............................... 28
Installingtheapplianceintherack.............................. 28
Attachingthecables.................................... 28
2Configuring the system . . . . ................... 31
StartingtheSKMappliance................................. 31
Conguring the rstSKMappliance ............................. 33
Setting up the local CerticateAuthority(CA) ....................... 34
Creating the SKM server certicate............................ 35
EnablingSSLontheKeyManagementSystem(KMS)Server ................. 37
Establishingacluster.................................... 37
Creatingthecluster .................................. 38
Copying the Local CA certicate............................. 38
Adding SKM appliances to the cluster . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Creating and installing the SKM Server Certicate ..................... 40
Propagating third-party certicates.............................. 41
Copying the certicates................................. 41
Installing the certicates ................................ 42
EnrollingclientdeviceswiththeSKM............................. 42
Verifying that installation and initial congurationissuccessful .................. 42
3Performingconfigurationandoperationtasks ............ 43
Keyandpolicyprocedures ................................. 43
Creatingakey .................................... 43
Importingakey.................................... 43
Settinggrouppermissionsforakey............................ 44
DownloadinganRSAkey................................ 44
Deletingakey..................................... 44
Authorizationpolicyprocedures ............................... 45
Creatinganauthorizationpolicy............................. 45
Deletinganauthorizationpolicy ............................. 45
Userandgroupprocedures................................. 45
Secure Key Manager
3
Creatingauser .................................... 45
Creatingagroup ................................... 46
Addingausertoagroup................................ 46
Removingauserfromagroup.............................. 46
Deletingauser .................................... 46
Deletingagroup ................................... 47
LDAPserverprocedures................................... 47
SettinguptheLDAPuserdirectory ............................ 47
TestingtheLDAPuserdirectoryconnection......................... 47
SettinguptheLDAPschema............................... 47
SettingupanLDAPfailoverserver ............................ 48
TestingtheLDAPfailoverserverconnection ........................ 48
Certicateprocedures ................................... 48
Creating a certicaterequest .............................. 48
Creating a server certicatefortheSKM ......................... 48
Creating a client certicate ............................... 50
Creating a self-signed certicate............................. 51
Installing a certicate.................................. 51
Installing a certicatechain............................... 52
Downloading a certicate................................ 52
CerticateAuthority(CA)procedures............................. 53
Adding a CA certicatetothetrustedCAlist ....................... 53
Removing a CA certicatefromthetrustedCAlist ..................... 53
Creating a new trusted CA list prole........................... 53
Deleting a trusted CA list prole ............................. 54
Signing certicaterequestswithalocalCA ........................ 54
Viewing the certicatessignedbyalocalCA ....................... 54
DownloadingalocalCA................................ 54
DeletingalocalCA .................................. 55
CreatingalocalCA.................................. 55
Creatingaself-signedrootCA.............................. 55
CreatinganintermediateCArequest........................... 55
Installing a CA certicate................................ 56
Removing a CA certicate ............................... 56
FIPSstatusserverprocedures ................................ 57
EnablingtheFIPSstatusserver.............................. 57
ViewingtheFIPSstatusreport .............................. 57
KMSserverprocedures................................... 57
EnablingSSL ..................................... 57
Enabling key and policy congurationbyclientapplications................. 58
EnablingtheLDAPserver................................ 58
Enablingpasswordauthentication ............................ 58
Enabling client certicateauthentication.......................... 58
Conguringtheuseraccountlockoutsettings........................ 59
Clusteringprocedures ................................... 59
Creatingacluster ................................... 59
Joiningacluster.................................... 59
Synchronizingwithaclustermember........................... 60
SettingupSSLinacluster................................ 60
Removingadevicefromacluster............................. 61
Upgradingacluster .................................. 61
Deletingacluster ................................... 61
Dateandtimeprocedures.................................. 61
SettingthedateandtimeontheSKM........................... 61
ConguringanNTPserverconnection .......................... 62
ManuallysynchronizingwithanNTPserver ........................ 62
IPauthorizationprocedures................................. 62
SpecifyingwhichclientscanconnecttotheSKM...................... 62
SNMPprocedures..................................... 63
ConguringSNMPv1/v2ontheSKM .......................... 63
4
ConguringSNMPv3ontheSKM ............................ 63
Administratorprocedures.................................. 64
Creatinganadministrator................................ 64
Deletinganadministrator................................ 64
LDAPAdministratorserverprocedures............................. 64
SettinguptheLDAPadministratorserver ......................... 64
TestingtheLDAPadministratorserverconnection...................... 64
SettinguptheLDAPschema............................... 65
SettinguptheLDAPfailoverserver............................ 65
TestingtheLDAPfailoverserverconnection ........................ 65
Passwordmanagementprocedures.............................. 65
Changingyourpassword................................ 65
Conguringpasswordsettingsforlocaladministrators.................... 65
Changing passwords when a security ofcerleaves..................... 66
Multiplecredentialsprocedures ............................... 66
Conguringthemultiplecredentialsfeature ........................ 66
Grantingcredentials.................................. 67
Revokingacredentialgrant............................... 67
Remoteadministrationprocedures .............................. 67
EnablingtheWebAdminUserAuthenticationfeature.................... 67
Signing a certicate request and downloading the certicate............... 67
Converting a certicatefromPEMtoPKCS12format .................. 68
Importing a certicatetoawebbrowser ....................... 68
EnablingWebAdminUserAuthenticationontheSKM ................. 68
Backup procedures for keys, congurations, and certicates ................... 69
Importingandexportingkeysbetweenclusters....................... 69
Backing up congurations and certicatestoexternalserver,thentoCD............ 76
Backingupkeystoexternalserver,thentoDVD ...................... 78
Log congurationprocedures ................................ 80
Conguringlogrotation ................................ 80
Enablingsyslog.................................... 80
Enablingsignedlogs.................................. 80
VerifyingasecurelogusingMicrosoftOutlook....................... 80
VerifyingasecurelogusingOpenSSL........................... 81
Recreating the log signing certicate........................... 82
Logviewprocedures.................................... 82
Viewinganarchivedlog ................................ 82
Manuallyrotatingalog................................. 82
Downloadingalog .................................. 82
Clearingalog .................................... 82
4 Maintaining the SKM ...................... 85
Backupandrestoreoverview ................................ 85
Backupandrestorepage.................................. 86
Createbackup .................................... 86
Createbackup:securityitems ............................ 86
CreateBackup:DeviceItems ............................ 87
CreateBackup:BackupSettings........................... 88
RestoreBackup .................................... 89
BackupRestoreInformation ............................... 90
InternalBackupList................................... 91
Services Congurationpage ................................ 92
ServicesList...................................... 92
Restart/Halt...................................... 93
SystemInformationpage .................................. 94
DeviceInformation................................... 94
LicenseInformation................................... 94
SoftwareUpgrade/Install................................ 95
Upgradingtoapatchrelease............................ 96
Secure Key Manager
5
Rollingbacksoftware ............................... 96
SystemHealthpage .................................... 96
Refreshpage ..................................... 96
PowerSupplyStatus .................................. 97
CoolingFanStatus................................... 98
NetworkDiagnosticspage ................................. 98
PingInformation.................................... 98
TracerouteInformation ................................. 99
HostInformation.................................... 99
NetstatInformation................................... 99
ReadingNetstatResults............................... 100
ASKMapplianceinformationsheet ................. 101
BUsingtheManagementConsole.................. 103
Logginginandout..................................... 103
UsingtheHometab .................................... 103
Summaryscreen.................................... 103
SecuritySummary................................. 103
SystemSummary ................................. 104
RecentActions .................................. 105
Searchscreen..................................... 105
UsingfeaturescommontotheSecurityandDevicetabs ..................... 106
Filteringsections.................................... 107
Settingthenumberofitemsperpage........................... 107
AccessingtheHelpsystem ............................... 107
Using the Key and Policy Congurationscreen......................... 108
Keys......................................... 109
KeyProperties..................................... 111
Versionedkeys .................................... 112
GroupPermissions................................... 113
CustomAttributes ................................... 114
KeyVersionsandAvailableUsage............................ 114
RSAPublicKey .................................... 115
CreateQuery..................................... 116
ModifyQuery..................................... 117
CreateKey...................................... 118
CloneKey ...................................... 119
ImportKey ...................................... 120
Authorization Policy CongurationPage.......................... 122
AuthorizationPolicies................................ 122
AuthorizationPolicyProperties............................ 123
AuthorizedUsagePeriods.............................. 124
ActiveVersions .................................... 125
CustomKeyAttributes ................................. 125
Conguringtheusersandgroups .............................. 126
LocalUsers...................................... 127
UserAdministrationPermission............................ 127
SelectedLocalUser .................................. 128
CustomAttributes ................................... 128
LocalGroups ..................................... 129
LocalGroupProperties................................. 130
UserList ....................................... 130
LDAP Server Conguration ............................... 131
LDAPUserDirectoryProperties............................ 131
LDAPSchemaProperties .............................. 132
LDAPFailoverServerProperties ........................... 133
LDAP User & Group Conguration............................ 134
LDAPUsers.................................... 134
6
LDAPGroups ................................... 135
UserList ..................................... 135
Certicate and CA CongurationPage............................ 136
CerticateList..................................... 136
CerticateInformation ................................. 137
CerticateInstallation ................................. 139
Self Signed Certicate ................................. 140
Create CerticateRequest................................ 141
Using the Import Certicatescreen............................ 142
Using the Certicate and CA Congurationscreen ....................... 143
Trusted Certicate Authority List Proles .......................... 143
The Default Prole................................. 144
Trusted CerticateAuthorityList ............................. 144
Local CerticateAuthority(CA)List............................ 145
CA CerticateProperties ................................ 146
Sign CerticateRequest................................. 147
Signed Certificates................................... 148
Signed CertificateInformation.............................. 149
CreateLocalCA.................................... 150
CA CerticateList ................................... 151
Install CA Certicate.................................. 152
Support for CerticateRevocationLists ............................ 153
LocalCAs ...................................... 153
Auto-Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
ForcePeriodicUpdate ............................... 154
RelatedCLICommands............................... 154
Usingadvancedsecurityfeatures............................... 155
AdvancedSecurityoverview............................... 155
AdvancedSecurityAccessControl.......................... 155
High Security Congurationpage ............................ 156
FIPSCompliance ................................. 156
HighSecuritySettings ............................... 157
Security Settings ConguredElsewhere ........................ 158
HighSecurityProcedures................................ 159
ConguringtheSKMforFIPSCompliance....................... 159
ConguringtheHighSecuritySettingsonanSKM ................... 160
FIPSStatusServeroverview............................... 160
FIPSStatusReport ................................. 161
FIPSStatusServerpage................................. 163
FIPSStatusServerSettings.............................. 163
SSLoverview ..................................... 164
SSLHandshake .................................. 164
SSLSections ..................................... 165
SSLOptions.................................... 165
SSLCipherOrder ................................. 166
ConguringtheKMSServer................................. 168
Authenticationoverview................................. 168
AuthenticationOptions............................... 168
Key Management Services Congurationsections...................... 169
KMSServerSettings ................................ 169
KMSServerAuthenticationSettings.......................... 170
UserAccountLockoutSettings............................ 173
HealthCheckoverview................................. 173
HealthChecksections ................................. 173
HealthCheck................................... 174
Conguringthecluster ................................... 174
Clusteringoverview .................................. 174
TheClusterKey .................................. 175
Cluster Congurationpage ............................... 176
ClusterMembers ................................. 176
Secure Key Manager
7
ClusterSettings .................................. 177
CreateCluster................................... 178
JoinCluster.................................... 179
ConguringtheDate&Time ................................ 180
NetworkTimeProtocoloverview............................. 180
Date&TimeConfigurationPage............................. 181
DateandTimeSettings............................... 181
NTPSettings ................................... 182
Conguringthenetwork .................................. 182
NetworkInterfacessections............................... 183
NetworkInterfaceList ............................... 183
Gateways&Routingsections .............................. 183
DefaultGatewayList................................ 183
Examples of Default Gateway Congurations ..................... 184
StaticRouteList .................................. 185
Hostname&DNSsections ............................... 186
HostnameSetting ................................. 186
DNSServerList .................................. 187
PortSpeedsections .................................. 187
NetworkInterfacePortSpeed/Duplex......................... 187
IPAuthorizationsections ................................ 188
IPAuthorizationSettings .............................. 188
AllowedClientIPAddresses............................. 189
ConguringSNMP..................................... 190
SNMPoverview.................................... 190
Authentication................................... 191
The SNMP Congurationpage ............................. 192
SNMPAgentSettings ............................... 192
SNMPv1/SNMPv2CommunityList.......................... 193
SNMPv3UsernameList............................... 194
SNMPManagementStationList ........................... 195
SNMPManagementStationProperties ........................ 196
CreateSNMPManagementStation ......................... 197
EnterpriseMIBoverview ................................ 199
Conguringadministratoraccounts.............................. 200
Administratoroverview................................. 201
Accesscontrols .................................. 201
Usingmultipleadministratoraccounts......................... 202
HighAccessAdministrators............................. 202
DefaultAdministrator................................ 202
LocalandLDAPAdministrators............................ 202
Administratorpasswords .............................. 202
LDAPadministrators .................................. 203
LDAPadministrativeserver ............................... 203
Administratorprocedures................................ 204
Creatinganadministrator.............................. 204
Deletinganadministrator.............................. 204
CreateLDAPAdministrator ............................. 205
SelectLDAPUsername ............................... 207
PasswordManagementoverview............................. 207
Passwordconstraints................................ 207
PasswordManagementsections ............................. 209
ChangeYourPasswordsection............................ 209
PasswordSettingsforLocalAdministrators....................... 209
MultipleCredentialsoverview.............................. 211
Operationsrequiringmultipleauthentication...................... 211
MultipleCredentialssections .............................. 213
MultipleCredentialsforKeyAdministration ...................... 213
CredentialsGranted................................ 214
GrantaCredential................................. 214
8
RemoteAdministrationSettingsoverview ......................... 215
RemoteAdministrationSettingssections.......................... 215
RemoteAdministrationSettings ........................... 216
LDAPAdministratorServer ................................. 218
LDAPAdministratorserverandFIPScompliance ...................... 218
LDAPAdministratorServerPropertiessection........................ 218
LDAPSchemaProperties ................................ 219
LDAPFailoverServerProperties ............................. 220
Viewinglogsandstatistics ................................. 221
Loggingoverview ................................... 221
Logrotation.................................... 221
Securelogs.................................... 224
Log Congurationpage ................................ 224
RotationSchedule ................................. 224
LogRotationProperties............................... 225
SyslogSettings .................................. 226
LogSigning.................................... 227
Log Signing CerticateInformation.......................... 228
ActivityLogSettings ................................ 229
LogViewerpage ................................... 229
SystemLog.................................... 229
AuditLog..................................... 230
ActivityLog.................................... 231
ClientEventLog.................................. 234
Statisticspage..................................... 235
RefreshStatistics.................................. 236
SystemStatistics.................................. 236
ConnectionStatistics................................ 237
Throughput.................................... 237
LicenseUsage................................... 238
RefreshStatistics(server) .............................. 238
KMSStatistics................................... 239
CUsingtheCommandLineInterface................. 241
Shellcommands...................................... 241
CommandLineInterfacesyntax ............................... 241
Quotingarguments .................................. 241
Escapingcharactersusingbackslash......................... 242
Tabcompletion .................................. 242
Commandshortcuts ................................ 242
Commandsearch ................................. 243
Commandmodes ..................................... 243
Enteringviewmode .................................. 243
Entering conguremode .............................. 243
Enteringscriptmode................................ 243
Scriptingmode ...................................... 244
Creatingscripts.................................... 244
Manualcreation.................................. 244
Executingscripts.................................. 244
Displayinganddeletingscripts ........................... 245
Installing certicates ................................ 245
Enteringpasswords ................................ 245
CLIcommands ...................................... 245
Activitylogcommands................................. 252
Administrator&LDAPcommands ............................ 252
Auditlogcommands.................................. 256
Autologoutcommands ................................. 256
Backupandrestorecommands ............................. 257
CA certicatecommands................................ 257
Certicatecommands ................................. 262
Secure Key Manager
9
CRLcommands .................................... 264
Clienteventlogcommands ............................... 267
Deviceresetandrestorecommands ........................... 268
Diagnosticcommands ................................. 269
FIPScommands.................................... 269
Health check congurationcommands .......................... 272
Helpcommands.................................... 272
Historycommands................................... 272
Logcommands .................................... 273
Modecommands ................................... 277
Networkcommands .................................. 277
Servicescommands .................................. 282
SNMPcommands................................... 284
SSLcommands .................................... 288
Statisticscommands .................................. 291
Systemcommands................................... 291
Systemhealthcommands................................ 294
Systeminformationcommands.............................. 295
Systemlogcommands ................................. 296
DTroubleshooting......................... 297
ERegulatorycompliancenotices .................. 299
Regulatory compliance identicationnumbers ......................... 299
FederalCommunicationsCommissionnotice.......................... 299
FCCratinglabel.................................... 299
ClassAequipment................................. 299
ClassBequipment................................. 299
Declaration of Conformity for products marked with the FCC logo, United States only . . . . . . 300
Modication ..................................... 300
Cables........................................ 300
Canadiannotice(AvisCanadien) .............................. 300
ClassAequipment................................... 300
ClassBequipment................................... 300
EuropeanUnionnotice................................... 300
Japanesenotices ..................................... 301
Koreannotices ...................................... 301
ClassAequipment................................... 301
ClassBequipment................................... 301
Taiwanesenotices..................................... 302
BSMIClassAnotice.................................. 302
Taiwanbatteryrecyclestatement............................. 302
Lasercompliance ..................................... 302
Dutchlasernotice ................................... 303
Frenchlasernotice................................... 303
Germanlasernotice.................................. 303
Italianlasernotice................................... 304
Japaneselasernotice ................................. 304
Spanishlasernotice .................................. 304
Recyclingnotices ..................................... 305
Disposal of waste equipment by users in private household in the European Union . . . . . . . . 305
Dutchnotice ..................................... 305
Czecholslovakiannotice ................................ 305
Estoniannotice .................................... 306
Finnishnotice..................................... 306
Frenchnotice ..................................... 306
Germannotice .................................... 306
Greeknotice ..................................... 307
Hungariannotice ................................... 307
10
Italiannotice ..................................... 307
Latviannotice..................................... 308
Lithuaniannotice ................................... 308
Polishnotice ..................................... 308
Portuguesenotice ................................... 309
Slovakiannotice.................................... 309
Sloveniannotice.................................... 309
Spanishnotice .................................... 310
Swedishnotice .................................... 310
Batteryreplacementnotices................................. 311
Dutchbatterynotice .................................. 311
Frenchbatterynotice.................................. 311
Germanbatterynotice................................. 312
Italianbatterynotice.................................. 312
Japanesebatterynotice................................. 313
Spanishbatterynotice ................................. 313
FSpecifications.......................... 315
SKM appliance specications................................ 315
Environmental specications................................. 316
GAboutthisguide ........................ 317
Intendedaudience..................................... 317
Relateddocumentation................................... 317
Documentconventionsandsymbols ............................. 317
Rackstability ....................................... 318
HPtechnicalsupport.................................... 318
Customerselfrepair .................................... 319
Productwarranties..................................... 319
Subscriptionservice .................................... 319
HPwebsites........................................ 319
Documentationfeedback .................................. 319
Glossary............................. 321
Index .............................. 323
Secure Key Manager
11
Figures
1
Identifythecontentsoftheshippingcarton..................... 26
2
Connect the pow
3
Viewing the CerticateResponseField....................... 52
4
Filteringthelistofkeys.............................. 70
5
Exportingthekey................................ 70
6
VerifyingtheBackupSummarysectiontoexportandimportthekey .......... 71
7
Enteringbackupinformation ........................... 71
8
CompletingtheBackupRestoreInformationscreen.................. 73
9
Findingthekeytoforcereplication ........................ 75
10
Toggling t
11
Creating the backup of congurations and certicates ................ 77
12
Verifying
13
Verifying the Backup Summary section to backup all keys to an external server . . . . . . 79
14
ViewingtheCreateBackup:SecurityItemssection.................. 86
15
ViewingtheCreateBackup:DeviceItemssection .................. 87
16
Viewing
17
ViewingtheRestoreBackupsection ........................ 90
heDeletableproperty.......................... 75
the Backup Summary section to backup the congurations and certicates . . . 78
theCreateBackup:BackupSettingssection................. 88
ersuppliestoACpowersources .................. 29
18
ViewingtheBackupRestoreInformationsection................... 91
19
ViewingtheInternalBackupListsection ...................... 91
20
21 22 23 24 25 26 27 28 29 30
31 32 33
gtheServicesListsection.......................... 92
Viewin
ViewingtheRestart/Haltsection ......................... 93
ngtheDeviceInformationsection....................... 94
Viewi
ViewingtheLicenseInformationsection ...................... 94
ngtheSoftwareUpgrade/Installsection.................... 95
Viewi
ViewingtheRefreshPagesection ......................... 97
ViewingthePowerSupplyStatussection...................... 97
ViewingtheCoolingFanStatussection....................... 98
ViewingthePingInformationsection........................ 98
ViewingtheTracerouteInformationsection ..................... 99
ViewingtheHostInformationsection........................ 99
ViewingtheNetstatInformationsection ...................... 99
ewingtheNetstatResults............................ 100
Vi
FrontandtopofSKMappliance ......................... 101
12
34
Back of SKM appli
35
ViewingtheAdministratorAuthenticationscreen................... 103
ance............................. 102
36
Viewing the Log
37
ViewingtheSecuritySummarysection....................... 104
38
ViewingtheSystemSummarysection ....................... 104
39
ViewingtheRecentActionssection ........................ 105
40
ViewingtheSearchCriteriasection ........................ 106
41
ViewingtheResultssection............................ 106
42
Viewing the Filter elds ............................. 107
43
Viewing the number of items per page elds .................... 107
44
Locating b
45
Viewingthecontext-sensitivehelpwindow ..................... 108
46
FindingtheHelplink .............................. 108
47
ViewingtheKeysection ............................. 110
48
ViewingtheKeyPropertiessection......................... 112
49
ViewingtheGroupPermissionssection....................... 113
50
51
gtheCustomAttributessection ....................... 114
Viewin
ViewingtheKeyVersionsandAvailableUsagesection................ 115
outwindow ........................... 103
uttontolaunchcontext-sensitivehelp ................... 108
52
ViewingthePublicKeysection .......................... 115
53 ViewingCreateQuerysection .......................... 116
54
ViewingSavedQueriessection.......................... 117
55
ViewingtheModifyQuerysection ........................ 117
56
ViewingtheCreateKeysection.......................... 118
57
ViewingtheCloneKeysection .......................... 120
58
ViewingtheImportKeysection.......................... 121
59
ViewingtheAuthorizationPoliciessection...................... 123
60
61 62 63 6 65 66 67
wingtheAuthorizationPolicyPropertiessection.................. 123
Vie
ViewingtheAuthorizedUsagePeriodssection.................... 124
ViewingtheActiveVersionssection ........................ 125
ViewingtheCustomKeyAttributessection ..................... 126
4
ViewingtheLocalUserssection.......................... 127
ViewingtheSelectedLocalUsersection ...................... 128
ViewingtheCustomAttributessection ....................... 129
ViewingtheLocalGroupssection......................... 129
68
ViewingtheLocalGroupPropertiessection..................... 130
69
ViewingtheUserListsection ........................... 130
70
ViewingtheLDAPUserDirectoryPropertiessection ................. 131
Secure Key Manager
13
71
ViewingtheLDAPSchemaPropertiessection .................... 132
72
ViewingtheLDAPFailoverServerPropertiessection ................. 133
73
Viewing the LDA
74
ViewingtheLDAPGroupssection......................... 135
75
ViewingtheUserListsection ........................... 136
76
Viewing the CerticateListsection......................... 137
77
Viewing the CerticateInformationsection ..................... 138
78
Viewing the CerticateInstallationsection ..................... 140
79
Viewing the Self Signed Certicatesection..................... 141
80
Viewing the Create CerticateRequestsection ................... 141
81
Viewing the Import Certicatesection ....................... 142
82
Viewing the Trusted Certicate Authority List Prolessection.............. 144
83
Viewing the Trusted CerticateAuthorityListsection ................. 144
84
Viewing the Trusted CerticateAuthorityList(EditMode) ............... 145
85
Viewing the Local CerticateAuthorityListsection.................. 145
86
Viewing the CA CerticateInformationsection ................... 147
87
Viewing the Sign CerticateRequestsection .................... 148
88
Viewing the Signed Certicatessection ...................... 148
PUserssection.......................... 134
89
Viewing the Signed CerticateInformationsection.................. 149
90
Viewing the Create Local CerticateAuthoritysection ................ 150
91
Viewing the CA CerticateListsection....................... 152
92
Viewing the Install CA Certicatesection...................... 153
93
94 95 96 97 98 99
100
101 102 10 104
3
gtheFIPSCompliancesection ....................... 156
Viewin
ViewingtheHighSecuritySettingssection ..................... 157
Viewing the Security Settings ConguredElsewheresection.............. 159
ViewingtheFIPSStatusReport:normal....................... 162
ingtheFIPSStatusServerSettingssection ................... 164
View
ViewingtheSSLOptionssection ......................... 166
ViewingtheSSLCipherOrdersection ....................... 167
ViewingtheKMSServerSettingssection...................... 169
ViewingtheKMSServerAuthenticationSettingssection ............... 171
ViewingtheUserAccountLockoutSettingssection.................. 173
ewingtheHealthChecksection......................... 174
Vi
ViewingtheClusterMemberssection ....................... 176
14
105
ViewingtheClusterSettingssection ........................ 177
106
ViewingtheCreateClustersection ........................ 178
107
ViewingtheJoinClustersection.......................... 179
108
ViewingtheDateandTimeSettingssection..................... 181
109
ViewingtheNTPSettingssection ......................... 182
110
ViewingtheNetworkInterfaceListsection ..................... 183
111
ViewingtheDefaultGatewayListsection...................... 184
11 2
Viewing the St
11 3
ViewingtheHostnameSettingsection ....................... 186
11 4
ViewingtheDNSServerListsection........................ 187
11 5
ViewingtheNetworkInterfacePortSpeed/Duplexsection .............. 188
11 6
Viewing the
11 7
ViewingtheAllowedClientIPAddressessection................... 189
11 8
ViewingtheSNMPAgentSettingssection ..................... 192
11 9
ViewingtheSNMPv1/SNMPv2CommunityListsection................ 193
12 0
Viewing t
121
ViewingtheSNMPManagementStationListsection................. 195
12 2
ViewingtheSNMPManagementStationPropertiessection.............. 196
123
ViewingtheCreateSNMPManagementStationsection ............... 198
124
ViewingtheCreateLDAPAdministratorsection ................... 205
12 5
ViewingtheSelectLDAPUsernamesection..................... 207
126 127
gtheChangeYourPasswordsection..................... 209
Viewin
ViewingthePasswordSettingsforLocalAdministratorssection............. 210
aticRouteListsection ........................ 186
IPAuthorizationSettingssection .................... 189
heSNMPv3UsernameListsection..................... 194
12 8
12 9 13 0
131 13 2 13 3
13 4
13 5 13 6 13 7
13 8
13 9
14 0
141 14 2
14 3
ngtheMultipleCredentialsforKeyAdministrationsection ............ 213
Viewi
ViewingtheCredentialsGrantedsection...................... 214
ViewingtheGrantaCredentialsection ...................... 215
ViewingtheRemoteAdministrationSettingssection ................. 216
ViewingLDAPAdministratorServerPropertiessection ................ 219
ViewingLDAPSchemaPropertiessection...................... 220
wingtheLDAPFailoverServerPropertiessection ................. 221
Vie
ViewingtheRotationSchedulesection....................... 224
ViewingtheLogRotationPropertiessection..................... 225
ViewingtheSyslogSettingssection ........................ 227
ViewingtheLogSigningsection ......................... 227
Viewing the Log Signing CerticateInformationsection................ 228
ViewingtheActivityLogSettingssection ...................... 229
ViewingtheSystemLogsection.......................... 230
ViewingtheCurrentSystemLogsection ...................... 230
ViewingtheAuditLogsection........................... 231
14 4
ViewingtheCurrentAuditLogsection ....................... 231
Secure Key Manager
15
14 5
ViewingtheActivityLogsection.......................... 233
14 6
ViewingtheCurrentActivityLogsection ...................... 234
147
Viewing the Cli
14 8
ViewingtheCurrentClientEventLogsection .................... 235
14 9
ViewingtheRefreshStatisticssection........................ 236
15 0
ViewingtheSystemStatisticssection........................ 236
151
Viewing the C
152
ViewingtheThroughputsection.......................... 238
15 3
ViewingtheLicenseUsagesection......................... 238
15 4
ViewingtheRefreshStatisticssection........................ 239
15 5
Viewing th
entEventLogsection........................ 235
onnectionStatisticssection...................... 237
eKMSStatisticssection......................... 240
16
Tables
1 2 3 4 5
CreateBackup:SecurityItemssectioncomponents.................. 87
CreateBackup:DeviceItemssectioncomponents .................. 88
CreateBackup:BackupSettingssectioncomponents................. 89
RestoreBackupsectioncomponents ........................ 90
InternalBackupListsectioncomponents ...................... 91
6
Internal Ba
7
ServicesListsectioncomponents ......................... 93
8
Restart/H
9
DeviceInformationsectioncomponents....................... 94
10
LicenseInformationsectioncomponents ...................... 95
11
SoftwareUpgrade/Installsectioncomponents.................... 95
12
Refresh
13
PowerSupplyStatussectioncomponents...................... 97
14
Coolin
15
PingInformationsectioncomponents........................ 98
16
Tracer
17
HostInformationsectioncomponents ....................... 99
18
NetstatInformationsectioncomponents ...................... 100
19
NetstatHeadings................................ 100
20
AdministratorAuthenticationscreencomponents................... 103
21SystemSummarysectioncomponents ....................... 105
ckupListsectioncomponents ...................... 92
altsectioncomponents ......................... 93
Pagesectioncomponents ......................... 97
gFanStatussectioncomponents ...................... 98
outeInformationsectioncomponents..................... 99
22
RecentActionssectioncomponents ........................ 105
23
SearchCriteriasectioncomponents ........................ 106
24 25 2 27
28 KeyPropertiessectioncomponents ........................ 112
29 GroupPermissionssectioncomponents....................... 113
30
32
33 CreateQuerysectioncomponents......................... 116
sultssectioncomponents............................ 106
Re
Filter eldscomponents ............................. 107
6
Items Per Page eldscomponents ......................... 107
Keyssectioncomponents............................. 111
CustomAttributessectioncomponents ....................... 114
31
KeyVersionsandAvailableUsagesectioncomponents................ 115
PublicKeysectioncomponents .......................... 115
Secure Key Manager
17
34
SavedQueriessectioncomponents ........................ 117
35
ModifyQuerysectioncomponents ........................ 118
36 CreateKeysectioncomponents.......................... 119
37
CloneKeysectioncomponents .......................... 120
38 ImportKeysectioncomponents.......................... 121
39
AuthorizationPoliciessectioncomponents ..................... 123
40
Authorizat
41
AuthorizationUsagePeriodssectioncomponents .................. 124
ionPolicyPropertiessectioncomponents.................. 123
42ActiveVersionssectioncomponents ........................ 125
43
CustomKeyAttributionssectioncomponents .................... 126
44
Local Use 45
SelectedLocalUsersectioncomponents ...................... 128
46
CustomAttributessectioncomponents ....................... 129
47
LocalGroupssectioncomponents......................... 130
48
LocalGroupPropertiessectioncomponents..................... 130
UserListsectioncomponents ........................... 130
49 50
LDAPUserDirectoryPropertiessectioncomponents ................. 132
51
LDAPSchemaPropertiessectioncomponents .................... 133
52
LDA 53
LDAPUserssectioncomponents.......................... 135
rssectioncomponents.......................... 127
PFailoverServerPropertiessectioncomponents ................. 134
54 LDAPGroupssectioncomponents......................... 135
55
LDAPGroupssectioncomponents......................... 136
56
CerticateListsectioncomponents......................... 137
57
CerticateInformationsectioncomponents..................... 139
58
CerticateInstallationsectioncomponents ..................... 140
59
Self Signed Certicatesectioncomponents..................... 141
60
Create CerticateRequestsectioncomponents ................... 142
61
Import Certicatesectioncomponents ....................... 143
62
Trusted Certicate Authority List Prolessectioncomponents.............. 144
63
Trusted CerticateAuthorityListsectioncomponents ................. 144
64
Trusted CerticateAuthorityListComponents .................... 145
65
Local CerticateAuthorityListsectioncomponents.................. 146
66
CA CerticateInformationsectioncomponents ................... 147
67
Sign CerticateRequestsectioncomponents .................... 148
68
Signed Certificatessectioncomponents ...................... 149
69
Create Local CerticateAuthoritysectioncomponents ................ 151
70
CA CerticateListsectioncomponents....................... 152
71
Install CA Certicatesectioncomponents...................... 153
18
72
FIPSCompliancesectioncomponents ....................... 157
73
HighSecuritySettingssectioncomponents ..................... 158
74
Security Setti
75
FIPSStatusServertests.............................. 161
76 FIPS Sta tus Re
77
FIPSStatusServerSettingssectioncomponents ................... 164
ngs ConguredElsewheresectioncomponents.............. 159
portcomponents .......................... 163
78 SSLOptionssectioncomponents ......................... 166
79
SSLCipherOrdersectioncomponents....................... 167
80
KMSServerSettingssectioncomponents...................... 170
81
KMSServerAuthenticationSettingssectioncomponents ............... 172
82
UserAccountLockoutSettingssectioncomponents.................. 173
83
HealthChecksectioncomponents......................... 174
84
ClusterMemberssectioncomponents ....................... 177
85
ClusterSettingssectioncomponents........................ 178
86
CreateClustersectioncomponents ........................ 179
87
JoinClustersectioncomponents.......................... 180
88
DateandTimeSettingssectioncomponents..................... 181
89
NTPSettingssectioncomponents ......................... 182
90
NetworkInterfaceListsectioncomponents ..................... 183
91
DefaultGatewayListsectioncomponents...................... 184
92 StaticRouteListsectioncomponents........................ 186
93 HostnameSettingsectioncomponents....................... 187
94 DNSServerListsectioncomponents........................ 187
95
NetworkInterfacePortSpeed/Duplexsectioncomponents .............. 188
96
IPAuthorizationSettingssectioncomponents .................... 189
97
AllowedClientIPAddressessectioncomponents .................. 190
98
NMPAgentSettingssectioncomponents ..................... 193
S 99
SNMPv1/SNMPv2CommunityListsectioncomponents................ 194
100
SNMPv3UsernameListsectioncomponents .................... 195
101
SNMPManagementStationListsectioncomponents................. 196
102
SNMPManagementStationPropertiessectioncomponents.............. 197
103
CreateSNMPManagementStationsectioncomponents ............... 199
104
CreateLDAPAdministratorsectioncomponents ................... 206
105
SelectLDAPUsernamesectioncomponents..................... 207
106
ChangeYourPasswordsectioncomponents..................... 209
107
PasswordSettingsforLocalAdministratorssectioncomponents............. 210
108
Multiple Credentials for Key Administration section components . . . . . . . . . . . . 214
109
CredentialsGrantedsectioncomponents...................... 214
Secure Key Manager
19
11 0
GrantaCredentialsectioncomponents ...................... 215
111
RemoteAdministrationSettingssectioncomponents ................. 217
11 2
LDAPAdministratorServerPropertiessectioncomponents............... 219
11 3
LDAPSchemaPropertiessectioncomponents .................... 220
11 4
LDAPFailoverServerPropertiessectioncomponents ................. 221
11 5
Log lenamingconventions ........................... 222
11 6
RotationSchedulesectioncomponents....................... 225
11 7
LogRotationPropertiessectioncomponents..................... 226
11 8
SyslogSettingssectioncomponents ........................ 227
119 LogSigningsectioncomponents ......................... 228
12 0
Log Signing CerticateInformationsectioncomponents................ 229
121
ActivityLogSettingssectioncomponents...................... 229
12 2 S y st e m L o
gsectioncomponents.......................... 230
123CurrentSystemLogsectioncomponents ...................... 230
12 4
AuditLogsectioncomponents .......................... 231
12 5
CurrentAuditLogsectioncomponents....................... 231
126
FieldsintheActivityLog............................. 232
127
ValuesfortheDetailFieldintheActivityLog .................... 233
12 8
ActivityLogsectioncomponents.......................... 233
12 9
CurrentActivityLogsectioncomponents ...................... 234
13 0
FieldsintheClientEventLog........................... 234
131
ClientEventLogsectioncomponents........................ 235
13 2
CurrentClientEventLogsectioncomponents .................... 235
13 3
RefreshStatisticssectioncomponents........................ 236
temStatisticssectioncomponents........................ 237
Sys
13 4
135ConnectionStatisticssectioncomponents...................... 237
13 6
Throughputsectioncomponents.......................... 238
137 LicenseUsagesectioncomponents ........................ 238
8
13
RefreshStatisticssectioncomponents........................ 239
20
13 9
KMSStatisticssectioncomponents......................... 240
14 0
ListofCLIcommands .............................. 245
141
clocksetsyntaxdetails ............................. 294
14 2
Commonproblems ............................... 297
Documentconventions.............................. 317
14 3
1 Installing and replacing hardware
This section details the steps to install or replace the SKM hardware:
• Preparing for the installation
• Rack planning resources
•Optimumenvironment
• Unpacking
• Identifying the shipping carton contents
• Removing the existing appliance
• Install rails in the rack
Preparing for the installation
Tools for installation
Two people
#2 Phillips screwdriver
Box cutting knife
Laptop or PC that can be attached to the appliance using the null modem cable for the initial
conguration.
Taking ESD precautions
To prevent damaging the system, be aware of the precautions you need to follow when setting up the system or handling parts. A discharge of static electricity from a nger or other conductor may damage system boards or other static-sensitive devices. This type of damage may reduce the life expectancy of the device.
To preve
Avoid hand contact by transporting and storing products in static-safe containers.
Keep electrostatic-sensitive parts in their containers until they arrive at static-free workstations.
Place p
Avoid touching pins, leads, or circuitry.
Always be properly grounded when touching a static-sensitive component or assembly.
nt electrostatic damage:
arts on a grounded surface before removing them from their containers.
Grounding methods to prevent electrostatic discharge
Several methods are used for grounding. Use one or more of the following methods when handling or installing electrostatic-sensitive parts:
Use a wrist strap connected by a ground cord to a grounded workstation or computer chassis.
Wrist straps are exible straps with a minimum of 1 megaohm ±10 percent resistance in the ground cords. To provide proper ground, wear the strap snug against the skin.
Use heel straps, toe straps, or boot straps at standing workstations.
Wear the straps on both feet when standing on conductive oors or dissipating oor mats.
Use conductive eld service tools.
Secure Key Manager
21
Use a portable eld service kit with a folding static-dissipating work mat.
If you do not have any of the suggested equipment for proper grounding, have an authorized reseller install the part.
For more information on static electricity or assistance with product installation, contact your authorized reseller.
Rack planning r
The rack resource kit ships with all HP or Compaq branded 9000, 10000, and H9 series racks. A summary of the content of each resource follows:
Custom Builde
can be created using:
•Asimple,guidedinterface
•Build-it-yo
The Installing Rack Products video provides a visual overview of operations required for
conguring a rack with rack-mountable components. It also provides the following important conguration steps:
• Planning the site
•Installin
•Cablingserversinarack
• Coupling multiple racks
The Rack P
HP and Compaq branded racks and rack options. It also helps you set up and optimize a rack in a manner that best ts your environment.

Rack requirements

HP supports the HP System E racks and the HP 10000 Series racks for use with the SKM. Other racks mightalsobesuitable,buthavenotbeentestedwiththeSKM.
g rack servers and rack options
roducts Documentation CD enables you to view, search, and print documentation for
esources
r is a web-based service for conguring one or many racks. Rack congurations
urself model
NOTE:
If desired, when installing an SKM expansion unit, place it in a different rack from the other SKM appliances as far away from each other as possible to minimize the chance that they will both be disabled by the same physical or electrical event.

Rack warnings

WARNING!
To reduce the risk of personal injury or damage to the equipment, be sure that:
The leveling jacks are extended to the oor.
The full weight of the rack rests on the leveling jacks.
The stabilizing feet are attached to the rack if it is a single-rack installation.
The racks are coupled together in multiple-rack installations.
Only one component is extended at a time. A rack may become unstable if more than one
component is extended for any reason.
22
Installing and replacing hardware
WARNING!
To reduce the risk of personal injury or equipment damage when unloading a rack:
At least two people are needed to safely unload a rack from a pallet. An empty 42U rack can weigh
as much as 115 kg (253 lb), can stand more than 2.1 m (7 ft) tall, and may become unstable when being moved on its casters.
Never stand in front of a rack when it is rolling down the ramp from the pallet. Always handle a
rack from both sides.
Optimum environment
When installing an SKM in a rack, select a location that meets the environmental standards described in this section and Environmental specications.
Space and airow requirements
To allow for servicing and adequate airow, observe the following space and airow requirements when deciding where to install a rack:
Leave a minimum clearance of 122 cm (48 in) in front of the rack.
Leave a minimum clearance of 76.2 cm (30 in) behind the rack.
Leave a minimum clearance of 122 cm (48 in) from the back of the rack to the back of another
rack when racks are back-to-back.
An SKM draws in cool air through the front door and expels warm air through the rear door. Therefore, the front and rear rack doors must be adequately ventilated to allow ambient room air to enter the cabinet, and the rear door must be adequately ventilated to allow the warm air to escape from the cabinet.
CAUTION:
To prevent improper cooling and damage to the equipment, do not block the ventilation openings.
When vertical space in the rack is not lled by an SKM or rack component, the gaps between the components cause changes in airow through the rack and across the servers. Cover all gaps with blanking panels to maintain proper airow. Using a rack without blanking panels results in improper cooling
The Comp and rea
CAUTION:
If a third-party rack is used, observe the following additional requirements to ensure adequate airow and to prevent damage to the equipment:
Front and rear doors—If the 42U rack includes closing front and rear doors, you must allow
Side—The clearance between the installed rack component and the side panels of the rack must
that can lead to thermal damage.
aq 10000 Series racks provide proper SKM cooling from ow-through perforations in the front
r doors that provide 64 percent open area for ventilation.
5,350 sq cm (830 sq in) of holes evenly distributed from top to bottom to permit adequate airow (equivalent to the required 64 percent open area for ventilation).
be a minimum of 7 cm (2.75 in).
Temperature requirements
To ensure continued safe and reliable equipment operation, install or position the system in a well-ventilated, climate-controlled environment.
Secure Key Manager
23
The maximum recommended ambient operating temperature (TMRA) for the SKM system is 35° C (95° F). The temperature in the room where the rack is located must not exceed 35° C (95° F).
CAUTION:
To reduce the risk of damage to the equipment when installing third-party options:
Do not permit optional equipment to impede airow around the SKM or to increase the internal rack
temperature beyond the maximum allowable limits.
Do not exceed the TMRA.

Power requirements

Installation of an SKM must comply with local and regional electrical regulations governing the installation of information technology equipment by licensed electricians. This equipment is designed to operate in installations covered by NFPA 70, 1999 Edition (National Electric Code) and NFPA-75, 1992 (code for Protection of Electronic Computer/Data Processing Equipment). For electrical power ratings on options, see the product rating label or the user documentation supplied with that option.
WARNING!
To reduce the risk of personal injury, re, or damage to the equipment, do not overload the AC supply branch circuit that provides power to the rack. Consult the electrical authority having jurisdiction over wiring and installation requirements of your facility.
CAUTION:
Protect the SKM from power uctuations and temporary interruptions with a regulating uninterruptible power supply (UPS). This device protects the hardware from damage caused by power surges and voltage spikes and keeps the system in operation during a power failure.
When installing an SKM connected to more than one disk array, you may need to use additional power distribution devices to safely provide power to all devices. Observe the following guidelines:
Balance the device power load between available AC supply branch circuits.
Do not allow the overall system AC current load to exceed 80 percent of the branch circuit
AC current rating.
Do not use common power outlet strips for this equipment.
Provide a separate electrical circuit for each device.

Electrical grounding requirements

The SKM must be grounded properly for proper operation and safety. In the United States, you must install the equipment in accordance with NFPA 70, 1999 Edition (National Electric Code), Article 250, as well as any local and regional building codes. In Canada, you must install the equipment in accordance with Canadian Standards Association, CSA C22.1, Canadian Electrical Code. In all other countries, you must install the equipment in accordance with any regional or national electrical wiring codes, such as the International Electrotechnical Commission (IEC) Code 364, parts 1 through 7. Furthermore, you must be sure that all power distribution devices used in the installation, such as branch wiring and receptacles, are listed or certied grounding-type devices.
Because of the high ground-leakage currents associated with multiple SKM and servers connected to the same power source, HP recommends the use of a power distribution unit (PDU) that is either permanently wired to the building’s branch circuit or includes a non-detachable cord that is wired to an industrial-style plug. NEMA locking-style plugs or those complying with IEC 60309 are considered suitable for this purpose. Using common power outlet strips for an SKM is not recommended.
24
Installing and replacing hardware
Unpacking
Place the shipp the shipping ca notify the carr
To unpack the SKM:
1. Open the top of the shipping cartons.
2. Carefully lift the units out of the boxes and remove the packing materials.
3. Place the units on a stable work surface.
NOTE:
Inspect the units for any damage that may have occurred during shipment. If damage is detected, co
4. Remove the accessory kits and documentation from the shipping cartons. Set them aside for later use.
5. Place shipping materials back into the shipping cartons.
6. Set the shipping cartons aside for later use.
ing carton as close to the installation site as possible. Before unpacking the SKM, inspect
rton for damage that may have occurred during shipment. If you detect any damage,
ier and HP before unpacking the unit.
ntact your authorized service representative.
Identifying the shipping carton contents
A new SKM cluster contains at least two appliances, individually boxed.
NOTE:
Important System ROM updates for new processors
If the are included in the carton, please disregard them.
,orthe
HP ProLiant Essentials Foundation Pack
Each appliance box contains the items shown in Figure 1.
Secure Key Manager
25
Figure 1 Identify the contents of the shipping carton
Item
1 2 3 4 5 6DocumentationCD 71Uspacer 8
9
Description
Appliance Power cords (2 — 1 black, 1 gray) Null modem cable 1U rack mounting hardware kit and documentation Keys to the bezel (2 sets of 2 keys)
USB key Completed appliance information sheet,
Pre-installation survey and checklist, and Installation poster
NOTE:
Ifthisisareplacementappliance,notehowtheunitispackedintheshippingcarton. Handlethe packing materials carefully so that you can repackage the old appliance using the replacement carton and packing materials.
CAUTION:
There will be several tamper-evident labels. Do not cut or damage these labels because they are required for FIPS compliance audits.

Selecting a rack location

Select a rack location that meets the space, airow, temperature, power, and electrical grounding requirements described in Rack planning resources.
For adequate airow within the rack, use appropriate high airow inserts in rack cabinet doors and observe industry standard practices for adequate spacing between racks or rows of racks.
NOTE:
Do not in from op
26
stall an appliance in the bottom unit of the rack; doing so will prevent the locking bezel cover
ening.
Installing and replacing hardware
Removing an exi
sting SKM (appliance) from the system
Skip this step i
1. Zeroize the or
following com
hostname# configure
hostname# reset factory settings zeroize
Conrm that yo Allow the system to zeroize the contents of the appliance. During this process the appliance reboots
automatically several times. The process may take several minutes.
2. Halt the syste
Are you ready to begin setup? (y/halt):
Type halt.Afteryouconfirm that you want to halt the system, the appliance begins a shutdown process. This may take a few minutes and powers off the appliance.
Once the appl
3. Release the p
the appliance.
4. Unlock and open the locking bezel cover.
5. Loosen the thumbscrews on the front bezel to release the appliance from the rack.
6. Close and r
7. Extendtheapplianceoutoftherackuntilthesliderailslockintoplace.
8. With another person, press the inner rail release latches. Pull the appliance out of the rack and set
it on a sta
9. Remove the rails from the original appliance for reuse on the replacement appliance. To do so,
pull out on the tab of the rail that locks the center tab of the appliance, slide the rail forward, and pull the rail off the appliance.
10. Return t 11 . Skip to Attaching rails to the appliance.
f you are installing a new appliance.
iginal appliance. To do so, sign into the command line interface and enter the
mands:
u wish to perform the zeroize operation.
m. At the end of the zeroize process the system displays the following:
iance has powered itself off it is ready to be removed and packaged for shipment.
ower cables from the strain relief clip. Disconnect the Ethernet and power cables from
e-lock the front bezel and remove the keys.
ble work surface.
he original appliance to HP according to the repackaging instructions sent separately.
Installing the rails in the rack
1. Locate the rail kit.
2. Adjust the outer slide rail to the approximate rack depth.
3. At one side of the rack, align the rail with the holes in the rack. The word Front is engraved on
the front of the rails; the word Rear is engraved on the rear of the rails.
4. Insert the rail into the holes in the rack and press rmly until the rail is secure.
Secure Key Manager
27
5. Repeat these steps with the other side rail.

Attaching rails to the appliance

11776
Instal
1. Align one of
so that the
2. Align the holes in the rail with the round tabs on the side of the appliance.
3. Put the rail onto the appliance with the tabs extending into the holes on the side of the rail, then
slidetherailtowardthefrontoftheapplianceuntilthetabsarelockedintotherail.
4. Perform these steps again to install the other rail on the other side of the appliance.
the rails with the left side of the appliance (as you face the front of the appliance)
word “FRONT” on the rail is seen right-side-up and at the front of the node.
11184
lingtheapplianceintherack
1. Align the rails on the appliance with the rails in the rack.
2. Slide the appliance fully into the rack.
ils on the appliance will lock into the rails on the rack. When fully seated against the
The ra rack, the appliance will also lock into place.
3. With the appliance fully seated in the rack, tighten the thumbscrews just until the bezel is
ed to the rack.
secur

Attaching the cables

1. Connect a standard Ethernet (CAT-5) cable from your local IP network (LAN) to the 10/100/1000
NIC 1 (RJ-45) connector.
WARNING!
To reduce the risk of electric shock, re, or damage to the equipment, do not
plug telephone or telecommunications connectors into RJ-45 (NIC) connectors.
28
Installing and replacing hardware
2. Connect the appliance power supplies’ AC power connectors to two separate AC power sources
using the power cables provided (see Figure 2).
Figure 2 Connec
3. Use the strain
t the power supplies to AC power sources
relief clip from the hardware kit to secure the power cord to the rack.
4. If this is a replacement appliance, pack the old appliance in the shipping materials for the
replacement appliance. You may need to remove the slide rails and null modem cable from the old appliance to titinthebox.
5. Plug one end o
that you will
f the null modem cable into the serial port. Plug the other end into the laptop or PC
use to congure the appliance.
Secure Key Manager
29
30
Installing and replacing hardware
Loading...
+ 297 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use