User manual QUANTUM QUANTUM ENCRYPTION KEY MANAGER REV A01

[. . . ] Quantum Encryption Key Manager User's Guide, 6-01847-01, Rev A01, November 2007. Quantum Corporation provides this publication "as is" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability or fitness for a particular purpose. Quantum Corporation may revise this publication from time to time without notice. Making copies or adaptations without prior written authorization of Quantum Corporation is prohibited by law and constitutes a punishable violation of the law. [. . . ] In this configuration, all tape drives rely on a single key manager server with no backup. Should the server go down, the keystore becomes unavailable, making any encrypted tape unreadable (and preventing encrypted writes). In a single-server configuration, you must make sure that current, non-encrypted backup copies of the keystore and configuration files are maintained in a safe place, separate from Q-EKM, so its function can be rebuilt on a replacement server if the server copies are lost. 9 Quantum Encryption Key Manager User's Guide Chapter 2 Planning Your Q-EKM Environment Q-EKM Server Configurations The keystore and configuration files are: · ClientKeyManagerConfig. properties · KeyManagerConfig. properties · EKMKeys. jck The files are all in the root QEKM folder as follows: · Windows: C:\Program Files\Quantum\QEKM · Linux: opt/Quantum/QEKM Figure 2 Single Q-EKM Server Two-Server Configuration 2 The recommended two-server configuration allows the library to automatically failover to the secondary Q-EKM server should the primary Q-EKM server be inaccessible for any reason. Note: When different Q-EKM servers are used to handle requests from the same set of tape drives, the information in the associated keystores MUST be identical. This is required so that regardless of which Q-EKM server is contacted, the necessary information is available for the Q-EKM server to support requests from the tape drives. In an environment with two Q-EKM servers, such as those shown in Figure 3, the library will automatically failover to the secondary Q-EKM server should the primary go down. In such a configuration it is essential that the two Q-EKM servers share the same keystore file and that the servers are synchronized (Quantum Global Services can set up synchronization when they install your server). Quantum Encryption Key Manager User's Guide 10 Chapter 2 Planning Your Q-EKM Environment Q-EKM Server Configurations Once synchronization is configured, updates to the configuration files and drive table of the primary Q-EKM server are automatically duplicated on the secondary Q-EKM server. After any change to the keystore on the primary server (adding, importing, or exporting keys) the keystore file on the primary server must be manually copied to the secondary server. Figure 3 Two Q-EKM Servers With Shared Configurations Quantum Encryption Key Manager User's Guide 11 Chapter 2 Planning Your Q-EKM Environment Backing Up Keystore Data Backing Up Keystore Data Due to the critical nature of the keys in the keystore, you should always back up this data so that you can recover it, as needed, and be able to read the tapes that were encrypted using those certificates associated with that tape drive or library. Use your system backup capabilities to back up the entire QEKM directory regularly. The QEKM directory is located here: · Windows: C:\Program Files\Quantum\QEKM · Linux: opt/Quantum/QEKM Caution: Do not use Q-EKM to encrypt the backups!If you encrypt your backup, and you later lose your keystore, you will not be able to decrypt the tapes to recover your data. In addition, it is recommended that you maintain a primary and secondary Q-EKM server and keystore copy (for backup as well as failover redundancy). For disaster recovery, see Disaster Recovery Planning on page 12. Disaster Recovery Planning Quantum recommends that you plan for disaster recovery in the event that your primary and secondary servers become unavailable. Disaster recovery requires that the you maintain, in a secure location, current, non-Q-EKM encrypted copies of the following three files: · ClientKeyManagerConfig. properties · KeyManagerConfig. properties · EKMKeys. jck Quantum Encryption Key Manager User's Guide 12 Chapter 2 Planning Your Q-EKM Environment Considerations for Sharing Encrypted LTO-4 Tapes Offsite The files are all in the root QEKM folder as follows: · Windows: C:\Program Files\Quantum\QEKM · Linux: opt/Quantum/QEKM Successful recovery requires the following two things: · The copied files must be current. Any time the keystore or configuration files are changed (i. e. , creating, importing, or exporting keys or certificates), you must remember to save a backup. If you back up your files regularly as recommended, this should not be an issue (see Backing Up Keystore Data on page 12). If the primary and secondary servers are unavailable, the encrypted files will not be able to be decrypted and reused in the disaster recovery server. Upon failure of the Q-EKM server, Quantum Global Services can set up a new "disaster recovery" Q-EKM server or servers to replace the ones that became unavailable. Setup of the new server includes copying the three files listed above onto the new server. Considerations for Sharing Encrypted LTO-4 Tapes Offsite Note: Sharing keys between keystores is not supported at initial launch. It is common practice to share tapes with other organizations (that are not using the same Q-EKM server/keystore for encryption) for data transfer, joint development, contracting services, or other purposes. Q-EKM creates unique key aliases across all Q-EKM installations worldwide. This ensures that you can safely share Q-EKM-encrypted tapes with other sites or companies. Quantum Encryption Key Manager User's Guide 13 Chapter 2 Planning Your Q-EKM Environment Considerations for Sharing Encrypted LTO-4 Tapes Offsite Note: It is important to verify the validity of any certificate received from a business partner by checking the chain of trust of such a certificate back to the Certificate Authority that ultimately signed it. If you trust the Certificate Authority, then you can trust that certificate. Alternately, the validity of a certificate can be verified if it was securely guarded in transit. Failure to verify a certificate's validity in one of these ways may open the door to a "Man-in-the-Middle" attack. In order to share encrypted data on an IBM LTO-4 tape, a copy of the symmetric key used to encrypt the data on the tape must be made available to the other organization to enable them to read the tape. [. . . ] When finished collecting data, turn Debug off. EEE1 Encryption logic error: Internal error: "Unexpected error: EK/ EEDK flags conflict with subpage. " Ensure that you are running the latest version of Q-EKM (to determine the latest version, contact your Quantum Representative). Check the versions of drive or library firmware and update them to the latest release, if needed. If the problem persists, contact Quantum Global Call Center. Quantum Encryption Key Manager User's Guide 29 Chapter 4 Troubleshooting Errors Reported By Q-EKM Error Number EF01 Description Encryption Configuration Problem: "Drive not configured. " Action The drive that is trying to communicate with Q-EKM is not present in the drive table. Ensure that the config. drivetable. file. url is correct in the KeyManagerConfig. properties file, if that parameter is supplied. [. . . ]