To set up a redundant EKM server:
Select a second server to host the redundant EKM.
a
Install the EKM application following the instruction in the Dell
b
PowerVault Encryption Key Manager Quick Start Guide.
NOTE:
The following items must match: group name, number of keys, keystore name,
and keystore password.
Stop the secondary EKM server.
c
Collect the backup up files from the primary EKM server (located in
d
c:\ekm\Backup folder).
Replace the secondary EKM files with the files from the backup in the
e
c:\ekm\gui directory.
Restart the secondary EKM server and note the IP address of
f
the server.
•
EKM server IP configuration set up
It is recommended that the EKM server be set with a static IP address to
avoid changes in the IP address. With the EKM server IP address set to
dynamic (using a DHCP server), there is the possibility of the server
IP address being changed by the DHCP server. When the IP address of the
EKM server changes, the library cannot access the EKM server. Library
configuration settings require the user to input the EKM server IP address.
All backup jobs will fail if there is no available EKM server to provide the
required keys to the drive.
•
Drive requires a power cycle in order to recover from an encryption
failure due to an inaccessible encryption key
In the event of an encryption failure due to an inaccessible encryption key,
the backup job will fail to complete, and in some cases the user must
terminate the backup job. To recover the library to full functionality, the
user needs to power cycle the specific drive that failed (either via the RMU
or OCP). Once the drive has recovered, it is recommended to run Key path
diagnostics to ensure proper library and EKM configuration. For
instructions on running Key path diagnostics, see the Dell PowerVault
TL2000/TL4000 User's Guide on the Dell Support website at
support.dell.com.
8
Important Information
The secondary EKM settings must be the same as the original EKM.