Quantum SCALAR KEY MANAGER OPEN SOURCE LICENSE AGREEMENT, SKM OPEN SOURCE LICENSE AGREEMENT User Manual
Scalar Key Manager
Quick Start Guide
This quick start guide provides basic installation and configuration
instructions for the Scalar® Key Manager (SKM). SKM can be deployed in
one of two ways:
• a pair of physical appliances (servers) purchased from Quantum, or
• a pair of virtual machines (VMs) installed in a VMware® environment.
Definition of terms: This guide uses the following terms to differentiate
between the two types of deployment:
• SKM appliance server — Physical key server purchased from
Quantum.
Scalar Key Manager
Contents
Installing and Configuring the SKM
Appliance Servers................................... 2
Items Required for Setup................... 2
Installing the SKM Appliance Servers 2
Configuring the SKM Appliance
Servers................................................ 3
Installing and Configuring the SKM VM
Servers.................................................... 6
Equipment and Software Needed .....6
Deploying the .ova Image.................. 7
Configuring the SKM VM Servers ...... 7
Installing TLS Certificates on the SKM
Server ................................................... 11
Installation Process .......................... 11
Requirements for Installing User-
provided TLS Certificates ................. 12
Configuring Your Library For SKM ....... 13
Configuring the Scalar i500 Tape
Library .............................................. 13
Configuring the Scalar i2000/i6000
Tape Library ...................................... 14
Backing Up the Keystores .................... 15
Configuring Multiple Libraries............. 17
• SKM VM server — Virtual machine key server purchased from
Quantum and installed in a VMware environment.
• SKM server — Generic term applying to either an SKM appliance server
or an SKM VM server.
These instructions guide you through installing and configuring both
options. For more information, see the
the
Scalar Key Manager Documentation CD
Perform all of the steps, in order, before you begin encrypting tapes.
This instruction uses the following conventions:
Note: Notes emphasize important information related to the main topic.
Caution: Cautions indicate potential hazards to equipment and are
included to prevent damage to equipment.
WARNING: Warnings indicate potential hazards to personal safety and
are included to prevent injury.
Scalar Key Manager User’s Guide
.
on
www.quantum.com
Scalar Key Manager Quick Start Guide
Installing and Configuring the SKM Appliance Servers
Follow the instructions in this section if you are deploying a pair of physical SKM
appliance servers.
Caution: The SKM appliance servers are designed for one purpose only—to store and
manage your encryption keys. Do not install additional hardware on the
servers. Never install any software, file, or operating system on the servers
unless it is an upgrade or patch supplied by Quantum. Doing so can make
your server inoperable and will void your warranty.
Items Required for Setup
Installing the SKM Appliance Servers
You need the following to install and configure each SKM appliance server:
• (2) SKM appliance servers (each comes with two hard disk drives installed).
• Power cord (supplied).
• Rackmount kit (supplied).
• Ethernet cable, crossover (for initial configuration, not supplied).
• Ethernet cable, standard (for standard operation, not supplied).
• Laptop or PC, to connect to each server to perform initial configuration.
• The most recent library firmware installed on your library. (Minimum versions
required: Scalar i500: 570G; Scalar i2000: 595A; Scalar i6000: 600A.)
• For Microsoft® Windows®, you may need to install a utility to use secure shell (SSH)
and secure file transfer protocol (SFTP). Two such utilities are PuTTY, available at
http://www.chiark.greenend.org.uk/~sgtatham/putty/ and WinSCP, available at
http://winscp.net.
Follow the instructions below for both SKM appliance servers.
1 Determine the location for the servers. It is recommended that the two servers be in
different geographical locations for disaster recovery purposes. Ensure the air
temperature is below 95 °F (35 °C).
2 Install the SKM appliance server in a rack. Follow the
Installation
Manager Documentation CD
2 Installing and Configuring the SKM Appliance Servers
instruction sheet (included with the rail kit and located on the
.
Scalar Key Manager Rack
Scalar Key
Figure 1 SKM Appliance Server
Power cord connector
Ethernet Port 1
(configuration)
Ethernet Port 2
(network)
Power button
Power-on LED
Rear Panel
Scalar Key Manager
3 Connect the power cord into the rear of the SKM appliance server (see Figure 1) and
plug it into a grounded power outlet.
4 Approximately 20 seconds after you connect the SKM appliance server to AC power,
the power button becomes active, and one or more fans might start running loudly
for about 20 seconds. Observe the power-on LED on the front panel of the SKM
appliance server (see Figure 2). It should be flashing, indicating the server is turned
off and connected to an AC power source. If the power-on LED is not flashing, there
could be a problem with the power supply or the LED. Check the power connection.
If this LED still does not flash, contact Quantum Support.
Figure 2 Front Panel
Configuring the SKM Appliance Servers
urn on the SKM appliance server by pressing the power button on the front of the
5 T
server (see Figure
2).
6 Again observe the power-on LED on the front panel of the SKM appliance server.
Wait until it is on but not flashing, indicating the server is turned on.
7 W
ait about 3 minutes to allow the server to complete startup before you connect via
SSH in the next step.
Follow the instructions below for both SKM appliance servers.
Note: Both SKM appliance servers must be configured, operational, and connected to
the network before any libraries can be set up to use them.
Installing and Configuring the SKM Appliance Servers 3
agreement, and then complete a setup wizard. The setup wizard helps you configure
The configuration process requires you to read and accept the end user license
Scalar Key Manager Quick Start Guide
your password, IP address, netmask, gateway, time zone, date, and time. Before
beginning, decide what you want each of these values to be. You can also change these
values in the future.
Allow 30 minutes per server to complete the configuration.
1 Set the IP address of the laptop or PC you will use to connect to the SKM appliance
server to 192.168.18.xxx (where xxx is any number from 0 to 255 except 3).
2 Connect a crossover Ethernet cable from the laptop or PC to Ethernet Port 1 on the
rear of the SKM server (see
Note: Ethernet Port 1 is used only for configuration. Once you perform the initial
configuration, you will use Ethernet Port 2 for SKM appliance server
communication via your network.
3 Using SSH, connect to the server using the IP address 192.168.18.3.
Note: The IP address of Ethernet Port 1 is a static IP address that cannot be
changed.
4 At the login prompt, enter the user login ID (which will never change):
Figure 1 on page 3).
akmadmin
5 At the password prompt, enter the default password:
password
6 At the akmadmin@skmserver prompt, enter:
./skmcmds
7 At the password prompt, enter the default password again:
password
The End User License Agreement displays.
8 Read and accept the license agreement. Press <Enter> to scroll through the
agreement, and at the end, enter
y to accept.
9 Press <Enter> to begin the setup wizard.
10 The first setup wizard task prompts you to change your password. There is only one
password for SKM, which is required for all logins and access to SKM Admin
commands, including backup and restore.
retrieve it.
If you lose the password, there is no way to
• If you do not wish to change the password at this time, just press <Enter> at the
“change password” prompts and the default password (
password) remains. You
can change the password at any time later using SKM Admin Commands.
• If you wish to change the password:
a At the “(current) UNIX password” prompt, enter the default password:
password
b Enter the new password.
4 Installing and Configuring the SKM Appliance Servers
Scalar Key Manager
c Enter the new password again.
d Press <Enter>.
Caution: EXTREMELY IMPORTANT:
Remember Your Password!
If you forget your password, there is no way to retrieve it!
Each SKM server has its own password. If you set them differently,
you must remember both.
If you forget your password, you will lose login access to the SKM
server, including backup and restore capability. Quantum will NOT
be able to restore the password.
CAUTION! CAUTION! CAUTION! CAUTION! CAUTION!
11 Continue through the setup wizard to configure the rest of the settings: time zone,
date and time, SKM server IP address, netmask, and gateway. If you press <Enter>
without entering a value, the existing value remains.
Note: The IP address you are configuring is for Ethernet Port 2, the port you will
be using for SKM operations.
Ethernet Port 1 IP Address (never changes): 192.168.18.3
Ethernet Port 2 Default IP Address: 192.168.20.4
12 When the setup wizard is complete, press <Enter>.
The list of SKM Admin commands displays. If you made any mistakes during the
setup wizard, you can go back and change them by entering the number
corresponding to the item. To view the list at any time, enter ./skmcmds at the
command prompt.
13 Enter q at the command prompt to save your changes and restart the SKM key
server. This process takes a few seconds.
14 Disconnect the crossover Ethernet cable from Ethernet Port 1 (see Figure 1 on
page 3).
15 Connect a standard Ethernet cable from Ethernet Port 2 on the back of the SKM
appliance server to your network (see
port using the IP address assigned in Step 11 above.
16 Repeat the above steps on the other SKM appliance server.
Figure 1 on page 3). You will connect to this
Installing and Configuring the SKM Appliance Servers 5
Scalar Key Manager Quick Start Guide
Installing and Configuring the SKM VM Servers
Follow the instructions in this section if you are deploying a pair of SKM VM servers for
installation in a VMware environment.
Perform all the instructions in this section for each SKM VM server. Use a different
installation CD for each VM.
Caution: It is recommended that the two SKM VM servers be installed in different
physical locations to provide better protection in case of disaster.
Caution: Quantum requires that you do not install any software, file, or operating
system on the SKM VM server unless it is an upgrade or patch supplied by
Quantum.
Equipment and Software Needed
You need the following to set up and configure the SKM VM servers:
• Two (2) Scalar Key Manager VM Installation CDs, one to configure each SKM server.
Each CD contains:
• SKM VM server software (.ova image)
• SKM server Quantum-provided TLS communication certificate bundle (.tgz file)
• Printed label on the DVD case containing MAC ID and license key (required for
installation)
• VMware® vSphere™ Client installed on a computer. The computer may be the same
as the server that hosts the VM but it does not have to be. The vSphere Client is
required for initial setup; after that, you can use vSphere Client or another method
to access the SKM VM server.
Note: These instructions in this section use vSphere Client version 4.0.0. If you use
a different version of vSphere, the instructions may differ.
• Resources required for each SKM VM server:
• (1) Ethernet interface
•(1) CD/DVD ROM drive
• 512 MB RAM
• 8 GB of disk space
• VM host software must be either the ESX 4.0 (64 bit) or the ESXi 4.0 (64 bit).
• The most recent library firmware installed on your library. (Minimum versions
required: Scalar i500: 570G; Scalar i2000: 595A; Scalar i6000: 600A.)
6 Installing and Configuring the SKM VM Servers
Loading...